CVE-2024-40910

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a refcount imbalance on inbound connections in the ax25 protocol implementation. When releasing a socket, the code calls netdev put() to decrease the refcount on the associated ax.25 device, but the execution path for accepting an incoming connection never calls netdev hold(). This leads to refcount errors and ultimately to kernel crashes. A typical call trace for this situation starts with errors such as "refcount t: decrement hit 0; leaking memory" or "refcount t: underflow; use-after-free." The patch corrects these issues by ensuring that netdev hold() and ax25 dev hold() are called for new connections in ax25 accept(), making the logic consistent with ax25 bind().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.