Lucene search

Ubuntu.comUB:CVE-2024-44971

HistorySep 05, 2024 - 12:00 a.m.

CVE-2024-44971

2024-09-0500:00:00

ubuntu.com

linux kernel

net vulnerability

memory leak

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

JSON

In the Linux kernel, the following vulnerability has been resolved:
net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()
bcm_sf2_mdio_register() calls of_phy_find_device() and then
phy_device_remove() in a loop to remove existing PHY devices.
of_phy_find_device() eventually calls bus_find_device(), which calls
get_device() on the returned struct device * to increment the refcount.
The current implementation does not decrement the refcount, which causes
memory leak.
This commit adds the missing phy_device_free() call to decrement the
refcount via put_device() to balance the refcount.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu14.04noarchlinux< anyUNKNOWN
ubuntu16.04noarchlinux< anyUNKNOWN
ubuntu18.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws< anyUNKNOWN
ubuntu24.04noarchlinux-aws< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	14.04	noarch	linux	< any	UNKNOWN
ubuntu	16.04	noarch	linux	< any	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	24.04	noarch	linux-aws	< any	UNKNOWN

Rows per page:

1-10 of 811

References

git.kernel.org/linus/e3862093ee93fcfbdadcb7957f5f8974fffa806a (6.11-rc3)

git.kernel.org/stable/c/7feef10768ea71d468d9bbc1e0d14c461876768c

git.kernel.org/stable/c/a7d2808d67570e6acae45c2a96e0d59986888e4c

git.kernel.org/stable/c/b7b8d9f5e679af60c94251fd6728dde34be69a71

git.kernel.org/stable/c/c05516c072903f6fb9134b8e7e1ad4bffcdc4819

git.kernel.org/stable/c/e3862093ee93fcfbdadcb7957f5f8974fffa806a

git.kernel.org/stable/c/f3d5efe18a11f94150fee8b3fda9d62079af640a

launchpad.net/bugs/cve/CVE-2024-44971

nvd.nist.gov/vuln/detail/CVE-2024-44971

security-tracker.debian.org/tracker/CVE-2024-44971

www.cve.org/CVERecord?id=CVE-2024-44971

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

JSON

Related for UB:CVE-2024-44971