CVE-2024-53075

UNKNOWN

Published 2024-11-19T17:31:39.625Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-53075. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In the Linux kernel, the following vulnerability has been resolved:

riscv: Prevent a bad reference count on CPU nodes

When populating cache leaves we previously fetched the CPU device node
at the very beginning. But when ACPI is enabled we go through a
specific branch which returns early and does not call 'of_node_put' for
the node that was acquired.

Since we are not using a CPU device node for the ACPI code anyways, we
can simply move the initialization of it just passed the ACPI block, and
we are guaranteed to have an 'of_node_put' call for the acquired node.
This prevents a bad reference count of the CPU device node.

Moreover, the previous function did not check for errors when acquiring
the device node, so a return -ENOENT has been added for that case.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Affected Versions:

ebccacb0b599fa788a16eff35a7de14621f56804 604f32ea6909b0ebb8ab0bf1ab7dc66ee3dc8955 604f32ea6909b0ebb8ab0bf1ab7dc66ee3dc8955

Linux

Affected Versions:

6.11 0 6.11.7 6.12

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-7866-w9g3-g699

Advisory Details

In the Linux kernel, the following vulnerability has been resolved: riscv: Prevent a bad reference count on CPU nodes When populating cache leaves we previously fetched the CPU device node at the very beginning. But when ACPI is enabled we go through a specific branch which returns early and does not call 'of_node_put' for the node that was acquired. Since we are not using a CPU device node for the ACPI code anyways, we can simply move the initialization of it just passed the ACPI block, and we are guaranteed to have an 'of_node_put' call for the acquired node. This prevents a bad reference count of the CPU device node. Moreover, the previous function did not check for errors when acquiring the device node, so a return -ENOENT has been added for that case.

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-53075

WEB https://git.kernel.org/stable/c/303846a3dc275e35fbb556d72f1e356ba669e4f8

WEB https://git.kernel.org/stable/c/37233169a6ea912020c572f870075a63293b786a

WEB https://git.kernel.org/stable/c/80aec5a855106c668b5978c48e789f010198b832

Advisory provided by GitHub Security Advisory Database. Published: November 19, 2024, Modified: March 13, 2025

References

https://git.kernel.org/stable/c/80aec5a855106c668b5978c48e789f010198b832

https://git.kernel.org/stable/c/303846a3dc275e35fbb556d72f1e356ba669e4f8

https://git.kernel.org/stable/c/37233169a6ea912020c572f870075a63293b786a

Published: 2024-11-19T17:31:39.625Z

Last Modified: 2025-05-04T09:52:19.201Z

Copied to clipboard!

CVE-2024-53075

Expert Analysis

Description

Available Exploits

Related News

Affected Products

Linux

Affected Versions:

Linux

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!