CVE-2024-38602: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-38602 is a memory leak vulnerability discovered in the Linux kernel's AX.25 networking subsystem. The issue was identified in the ax25addrax25dev() and ax25devdevicedown() functions, where reference counting of the 'ax25dev' object was improperly handled. The vulnerability affects Linux kernel versions from 5.17 up to versions before 6.1.93, 6.2 through 6.6.33, 6.7 through 6.8.12, and 6.9 through 6.9.3 (NVD).

The vulnerability stems from two specific reference counting issues in the AX.25 subsystem. In ax25addrax25dev(), the reference count of the 'ax25dev' object could be increased multiple times without proper management. Additionally, in ax25devdevicedown(), the reference count management was inconsistent - it was set to 1 in ax25devdeviceup() and increased when added to ax25dev_list, resulting in a count of 2, but the shutdown process would drop the count inconsistently. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The primary impact of this vulnerability is memory leaks in the Linux kernel. When exploited, it could lead to gradual system resource depletion, potentially affecting system stability and performance over time (Kernel Patch).

The vulnerability has been patched in the Linux kernel. The fix involves adding a break statement in ax25addrax25dev() to prevent multiple reference count increases, and modifying the reference count management in ax25devdevice_down(). System administrators should update to patched kernel versions: 6.1.93 or later, 6.6.33 or later, 6.8.12 or later, or 6.9.3 or later (Kernel Patch).