{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-53075", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-11-19T17:17:24.976Z", "datePublished": "2024-11-19T17:31:39.625Z", "dateUpdated": "2024-12-19T09:38:31.923Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:38:31.923Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Prevent a bad reference count on CPU nodes\n\nWhen populating cache leaves we previously fetched the CPU device node\nat the very beginning. But when ACPI is enabled we go through a\nspecific branch which returns early and does not call 'of_node_put' for\nthe node that was acquired.\n\nSince we are not using a CPU device node for the ACPI code anyways, we\ncan simply move the initialization of it just passed the ACPI block, and\nwe are guaranteed to have an 'of_node_put' call for the acquired node.\nThis prevents a bad reference count of the CPU device node.\n\nMoreover, the previous function did not check for errors when acquiring\nthe device node, so a return -ENOENT has been added for that case."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/riscv/kernel/cacheinfo.c"], "versions": [{"version": "604f32ea6909b0ebb8ab0bf1ab7dc66ee3dc8955", "lessThan": "303846a3dc275e35fbb556d72f1e356ba669e4f8", "status": "affected", "versionType": "git"}, {"version": "604f32ea6909b0ebb8ab0bf1ab7dc66ee3dc8955", "lessThan": "37233169a6ea912020c572f870075a63293b786a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/riscv/kernel/cacheinfo.c"], "versions": [{"version": "6.11", "status": "affected"}, {"version": "0", "lessThan": "6.11", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.7", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/303846a3dc275e35fbb556d72f1e356ba669e4f8"}, {"url": "https://git.kernel.org/stable/c/37233169a6ea912020c572f870075a63293b786a"}], "title": "riscv: Prevent a bad reference count on CPU nodes", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "386941FE-51A4-4893-9EC3-054AD3863E8D", "versionEndExcluding": "6.11.7", "versionStartIncluding": "6.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*", "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Prevent a bad reference count on CPU nodes\n\nWhen populating cache leaves we previously fetched the CPU device node\nat the very beginning. But when ACPI is enabled we go through a\nspecific branch which returns early and does not call 'of_node_put' for\nthe node that was acquired.\n\nSince we are not using a CPU device node for the ACPI code anyways, we\ncan simply move the initialization of it just passed the ACPI block, and\nwe are guaranteed to have an 'of_node_put' call for the acquired node.\nThis prevents a bad reference count of the CPU device node.\n\nMoreover, the previous function did not check for errors when acquiring\nthe device node, so a return -ENOENT has been added for that case."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: riscv: Evitar un recuento de referencia incorrecto en los nodos de CPU Al rellenar las hojas de cach\u00e9, anteriormente obten\u00edamos el nodo del dispositivo de CPU al principio. Pero cuando ACPI est\u00e1 habilitado, pasamos por una rama espec\u00edfica que regresa temprano y no llama a 'of_node_put' para el nodo que se adquiri\u00f3. Dado que de todos modos no estamos usando un nodo de dispositivo de CPU para el c\u00f3digo ACPI, simplemente podemos mover la inicializaci\u00f3n del mismo justo despu\u00e9s del bloque ACPI, y tenemos la garant\u00eda de tener una llamada 'of_node_put' para el nodo adquirido. Esto evita un recuento de referencia incorrecto del nodo del dispositivo de CPU. Adem\u00e1s, la funci\u00f3n anterior no verificaba si hab\u00eda errores al adquirir el nodo del dispositivo, por lo que se agreg\u00f3 un retorno -ENOENT para ese caso."}], "id": "CVE-2024-53075", "lastModified": "2024-11-25T13:58:31.503", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-11-19T18:15:27.077", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/303846a3dc275e35fbb556d72f1e356ba669e4f8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/37233169a6ea912020c572f870075a63293b786a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: riscv: Prevent a bad reference count on CPU nodes", "id": "2327386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327386"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-825", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nriscv: Prevent a bad reference count on CPU nodes\nWhen populating cache leaves we previously fetched the CPU device node\nat the very beginning. But when ACPI is enabled we go through a\nspecific branch which returns early and does not call 'of_node_put' for\nthe node that was acquired.\nSince we are not using a CPU device node for the ACPI code anyways, we\ncan simply move the initialization of it just passed the ACPI block, and\nwe are guaranteed to have an 'of_node_put' call for the acquired node.\nThis prevents a bad reference count of the CPU device node.\nMoreover, the previous function did not check for errors when acquiring\nthe device node, so a return -ENOENT has been added for that case."], "name": "CVE-2024-53075", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-11-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-53075\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53075\nhttps://lore.kernel.org/linux-cve-announce/2024111924-CVE-2024-53075-2e34@gregkh/T"], "threat_severity": "Moderate"}