PT-2024-35539 · Linux+2 · Linux Kernel+2
Published
2024-10-25
·
Updated
2025-02-28
·
CVE-2024-53075
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue concerns a bad reference count on CPU nodes in the Linux kernel when populating cache leaves. This occurs because when ACPI is enabled, the code takes a specific branch that returns early without calling
of node put for the acquired node. To fix this, the initialization of the CPU device node has been moved past the ACPI block to ensure an of node put call for the acquired node, preventing a bad reference count. Additionally, error checking has been added for acquiring the device node to handle cases where it may not be available.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Linux Kernel
Ubuntu