CVE-2024-38602

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak issue has been identified in the Linux kernel, specifically in the ax25 module. The issue arises from reference count leaks in the ax25 addr ax25dev() and ax25 dev device down() functions, which can cause a memory leak. The reference count of the object ax25 dev can be increased multiple times in ax25 addr ax25dev(), leading to a memory leak. Similarly, in ax25 dev device down(), the reference count of ax25 dev is set to 1 and then increased when added to ax25 dev list, resulting in a reference count of 2. However, when the device is shutting down, ax25 dev device down() drops the reference count once or twice, depending on the circumstances, causing a memory leak. To resolve this issue, a break has been added in ax25 addr ax25dev() since it is impossible for one pointer to be on a list twice. Additionally, the reference count of ax25 dev is increased once in ax25 dev device up() and decreased after it is removed from ax25 dev list.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.