CVE-2024-43871: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-43871 is a memory leakage vulnerability in the Linux kernel's device resource management system, specifically in the driver API devm_free_percpu(). The vulnerability was discovered on July 2, 2024, and was publicly disclosed on August 20, 2024. It affects Linux kernel versions from 4.10 through 6.10.3 (NVD).

The vulnerability occurs when using the driver API devm_free_percpu() to free memory that was allocated by devm_alloc_percpu(). The issue stems from the use of devres_destroy() instead of devres_release() within the devm_free_percpu() function, which leads to memory leakage. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access required with high impact on availability (NVD).

The vulnerability results in memory leakage in the Linux kernel when using specific driver API functions. This can lead to resource exhaustion over time, potentially affecting system stability and performance. The CVSS score indicates that while there is no impact on confidentiality or integrity, there is a high impact on system availability (NVD).

The vulnerability has been fixed by replacing devres_destroy() with devres_release() within the devm_free_percpu() function. The fix has been implemented in multiple kernel versions and backported to affected stable kernels. Users should update to patched kernel versions that include the fix (Kernel Patch).