CVE-2024-53075

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> riscv: Prevent a bad reference count on CPU nodes<br /> <br /> When populating cache leaves we previously fetched the CPU device node<br /> at the very beginning. But when ACPI is enabled we go through a<br /> specific branch which returns early and does not call &amp;#39;of_node_put&amp;#39; for<br /> the node that was acquired.<br /> <br /> Since we are not using a CPU device node for the ACPI code anyways, we<br /> can simply move the initialization of it just passed the ACPI block, and<br /> we are guaranteed to have an &amp;#39;of_node_put&amp;#39; call for the acquired node.<br /> This prevents a bad reference count of the CPU device node.<br /> <br /> Moreover, the previous function did not check for errors when acquiring<br /> the device node, so a return -ENOENT has been added for that case.