CVE-2024-35879
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
19/05/2024
Last modified:
23/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
of: dynamic: Synchronize of_changeset_destroy() with the devlink removals<br />
<br />
In the following sequence:<br />
1) of_platform_depopulate()<br />
2) of_overlay_remove()<br />
<br />
During the step 1, devices are destroyed and devlinks are removed.<br />
During the step 2, OF nodes are destroyed but<br />
__of_changeset_entry_destroy() can raise warnings related to missing<br />
of_node_put():<br />
ERROR: memory leak, expected refcount 1 instead of 2 ...<br />
<br />
Indeed, during the devlink removals performed at step 1, the removal<br />
itself releasing the device (and the attached of_node) is done by a job<br />
queued in a workqueue and so, it is done asynchronously with respect to<br />
function calls.<br />
When the warning is present, of_node_put() will be called but wrongly<br />
too late from the workqueue job.<br />
<br />
In order to be sure that any ongoing devlink removals are done before<br />
the of_node destruction, synchronize the of_changeset_destroy() with the<br />
devlink removals.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.10.42 (including) | 5.10.215 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.12.9 (including) | 5.13 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.13.1 (including) | 5.15.154 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.85 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.26 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.8.5 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.13:-:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.13:rc7:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/3127b2ee50c424a96eb3559fbb7b43cf0b111c7a
- https://git.kernel.org/stable/c/3ee2424107546d882e1ddd75333ca9c32879908c
- https://git.kernel.org/stable/c/7b6df050c45a1ea158fd50bc32a8e1447dd1e951
- https://git.kernel.org/stable/c/801c8b8ec5bfb3519566dff16a5ecd48302fca82
- https://git.kernel.org/stable/c/8917e7385346bd6584890ed362985c219fe6ae84
- https://git.kernel.org/stable/c/ae6d76e4f06c37a623e357e79d49b17411db6f5c
- https://git.kernel.org/stable/c/3127b2ee50c424a96eb3559fbb7b43cf0b111c7a
- https://git.kernel.org/stable/c/3ee2424107546d882e1ddd75333ca9c32879908c
- https://git.kernel.org/stable/c/7b6df050c45a1ea158fd50bc32a8e1447dd1e951
- https://git.kernel.org/stable/c/801c8b8ec5bfb3519566dff16a5ecd48302fca82
- https://git.kernel.org/stable/c/8917e7385346bd6584890ed362985c219fe6ae84
- https://git.kernel.org/stable/c/ae6d76e4f06c37a623e357e79d49b17411db6f5c
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html