CVE-2024-50012: cpufreq: Avoid a bad reference count on CPU node
First published: Mon Oct 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: cpufreq: Avoid a bad reference count on CPU node In the parse_perf_domain function, if the call to of_parse_phandle_with_args returns an error, then the reference to the CPU device node that was acquired at the start of the function would not be properly decremented. Address this by declaring the variable with the __free(device_node) cleanup attribute.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | <6.6.55 | |
| Linux Kernel | >=6.7<6.10.14 | |
| Linux Kernel | >=6.11<6.11.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/6c3d8387839252f1a0fc6367f314446e4a2ebd0b
- https://git.kernel.org/stable/c/0f41f383b5a61a2bf6429a449ebba7fb08179d81
- https://git.kernel.org/stable/c/77f88b17387a017416babf1e6488fa17682287e2
- https://git.kernel.org/stable/c/47cb1d9278f179df8250304ec41009e3e836a926
- https://git.kernel.org/stable/c/c0f02536fffbbec71aced36d52a765f8c4493dc2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50012
- https://nvd.nist.gov/vuln/detail/CVE-2024-50012
- https://launchpad.net/bugs/cve/CVE-2024-50012
- https://security-tracker.debian.org/tracker/CVE-2024-50012
- https://ubuntu.com/security/CVE-2024-50012
Frequently Asked Questions
What is the severity of CVE-2024-50012?
The severity of CVE-2024-50012 is considered to be moderate due to potential reference count issues in the Linux kernel.
How do I fix CVE-2024-50012?
To fix CVE-2024-50012, update your Linux kernel to a version that is greater than 6.10.14, less than 6.7, or between 6.11 and 6.11.3.
What are the affected versions for CVE-2024-50012?
The affected versions for CVE-2024-50012 include Linux kernel versions up to 6.6.55 as well as versions 6.10.14 and 6.11.3.
What component is impacted by CVE-2024-50012?
CVE-2024-50012 impacts the cpufreq component in the Linux kernel related to CPU node reference counting.
Is CVE-2024-50012 exploit mitigated?
There are currently no details available on mitigations for CVE-2024-50012, making updates to the kernel the primary recommendation.
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/severity
- agent/remedy
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.7
- version/linux kernel/6.11