CVE-2024-53198

MEDIUM EPSS 13.5%
Published Dec 27, 20241y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Dec 27, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: xen: Fix the issue of resource not being properly released in xenbus_dev_probe() This patch fixes an issue in the function xenbus_dev_probe(). In the xenbus_dev_probe() function, within the if (err) branch at line 313, the program incorrectly returns err directly without releasing the resources allocated by err = drv->probe(dev, id). As the return value is non-zero, the upper layers assume the processing logic has failed. However, the probe operation was performed earlier without a corresponding remove operation. Since the probe actually allocates resources, failing to perform the remove operation could lead to problems. To fix this issue, we followed the resource release logic of the xenbus_dev_remove() function by adding a new block fail_remove before the fail_put block. After entering the branch if (err) at line 313, the function will use a goto statement to jump to the fail_remove block, ensuring that the previously acquired resources are correctly released, thus preventing the reference count leak. This bug was identified by an experimental static analysis tool developed by our team. The tool specializes in analyzing reference count operations and detecting potential issues where resources are not properly managed. In this case, the tool flagged the missing release operation as a potential problem, which led to the development of this patch.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
13.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥2.6.23  –  <5.4.287
linuxlinux_kernel*≥5.5  –  <5.10.231
linuxlinux_kernel*≥5.11  –  <5.15.174
linuxlinux_kernel*≥5.16  –  <6.1.120
linuxlinux_kernel*≥6.2  –  <6.6.64
linuxlinux_kernel*≥6.7  –  <6.11.11
linuxlinux_kernel*≥6.12  –  <6.12.2

References 10

  • git.kernel.org https://git.kernel.org/stable/c/0aa9e30b5b4af5dd504801689d6d84c584290a45
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/217bdce88b104269b73603b84d0ab4dd04f481bc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2f977a4c82d35d063f5fe198bbc501c4b1c5ea0e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3fc0996d2fefe61219375fd650601724b8cf2d30
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/804b96f8d0a02fa10b92f28b2e042f9128ed3ffc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/87106169b4ce26f85561f953d13d1fd86d99b612
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/afc545da381ba0c651b2658966ac737032676f01
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e8823e6ff313465910edea07581627d85e68d9fd
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0aa9e30b5b4af5dd504801689d6d84c584290a45
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/217bdce88b104269b73603b84d0ab4dd04f481bc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2f977a4c82d35d063f5fe198bbc501c4b1c5ea0e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3fc0996d2fefe61219375fd650601724b8cf2d30
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/804b96f8d0a02fa10b92f28b2e042f9128ed3ffc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/87106169b4ce26f85561f953d13d1fd86d99b612
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/afc545da381ba0c651b2658966ac737032676f01
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e8823e6ff313465910edea07581627d85e68d9fd
    Patch