CVE-2024-27054: s390/dasd: fix double module refcount decrement
First published: Wed May 01 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix double module refcount decrement Once the discipline is associated with the device, deleting the device takes care of decrementing the module's refcount. Doing it manually on this error path causes refcount to artificially decrease on each error while it should just stay the same.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux | <=5.10.223-1<=5.10.226-1 | 6.1.123-1 6.1.119-1 6.12.11-1 6.12.12-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/ad999aa18103fa038787b6a8a55020abcf34df1a
- https://git.kernel.org/stable/c/c3116e62ddeff79cae342147753ce596f01fcf06
- https://git.kernel.org/stable/c/ebc5a3bd79e54f98c885c26f0862a27a02c487c5
- https://git.kernel.org/stable/c/ec09bcab32fc4765e0cc97e1b72cdd067135f37e
- https://git.kernel.org/stable/c/edbdb0d94143db46edd373cc93e433832d29fe19
- https://git.kernel.org/stable/c/fa18aa507ea71d8914b6acb2c94db311c757c650
- https://launchpad.net/bugs/cve/CVE-2024-27054
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27054
- https://nvd.nist.gov/vuln/detail/CVE-2024-27054
- https://security-tracker.debian.org/tracker/CVE-2024-27054
- https://ubuntu.com/security/CVE-2024-27054
- https://git.kernel.org/linus/c3116e62ddeff79cae342147753ce596f01fcf06
Frequently Asked Questions
What is the severity of CVE-2024-27054?
CVE-2024-27054 has been categorized as a moderate severity vulnerability.
How do I fix CVE-2024-27054?
To fix CVE-2024-27054, upgrade your Linux kernel to version 6.1.123-1, 6.1.119-1, 6.12.10-1, or 6.12.11-1 depending on your distribution.
Which software versions are affected by CVE-2024-27054?
CVE-2024-27054 affects Linux kernel versions up to and including 5.10.226-1.
What is the nature of the vulnerability described in CVE-2024-27054?
CVE-2024-27054 is related to an improper handling of module reference counts in the Linux kernel's s390/dasd component.
Is CVE-2024-27054 specific to any Linux distributions?
Yes, CVE-2024-27054 specifically affects the Debian Linux distribution.
- agent/title
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/nvd-api
- source/NVD
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/nvd-cve
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/severity
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- package-manager/debian