CVE-2024-53075

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 19, 2024
Updated: Nov 25, 2024

Summary

CVE-2024-53075 is a vulnerability affecting the Linux kernel. This issue pertains to the riscv CPU node, where an improper reference count occurred during cache leave population. When ACPI is enabled, the function for populating cache leaves acquires a CPU device node, but fails to release it upon early return. Since the ACPI code does not use the CPU device node, the initialization has been moved to a later stage, ensuring the proper use of 'of_node_put' for the acquired node. Additionally, the previous function did not handle errors when acquiring the device node, resulting in a potential return of -ENOENT (No such device or address). By correcting these issues, the vulnerability has been resolved.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share