PT-2024-32181 · Linux+4 · Linux Kernel+4

Published

2024-09-03

·

Updated

2025-09-26

·

CVE-2024-46767

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.52
Description The issue is related to a missing of node put() call for leds in the Linux kernel, specifically when of get child by name() is called and succeeds, causing the refcount to be incremented for leds. This can lead to a problem if of node put() is not called to decrease the refcount.
Recommendations To resolve the issue, update to Linux kernel version 6.6.52 or later. As a temporary workaround, consider disabling the of get child by name() function until a patch is available. Restrict access to the vulnerable net: phy module to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-682

Related Identifiers

BDU:2025-01664
CVE-2024-46767
MGASA-2024-0316
MGASA-2024-0318
OESA-2024-2219
OPENSUSE-SU-2024_3551-1
OPENSUSE-SU-2024_3561-1
OPENSUSE-SU-2024_3564-1
SUSE-SU-2024:3551-1
SUSE-SU-2024:3553-1
SUSE-SU-2024:3561-1
SUSE-SU-2024:3564-1
SUSE-SU-2025:20073-1
SUSE-SU-2025:20077-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7196-1

Affected Products

Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu