{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-50012", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-10-21T12:17:06.061Z", "datePublished": "2024-10-21T18:54:04.377Z", "dateUpdated": "2024-11-08T15:57:55.346Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-08T15:57:55.346Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: Avoid a bad reference count on CPU node\n\nIn the parse_perf_domain function, if the call to\nof_parse_phandle_with_args returns an error, then the reference to the\nCPU device node that was acquired at the start of the function would not\nbe properly decremented.\n\nAddress this by declaring the variable with the __free(device_node)\ncleanup attribute."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/linux/cpufreq.h"], "versions": [{"version": "1da177e4c3f4", "lessThan": "6c3d83878392", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "0f41f383b5a6", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "77f88b17387a", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "47cb1d9278f1", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "c0f02536fffb", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/linux/cpufreq.h"], "versions": [{"version": "6.1.116", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.55", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.14", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.3", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/6c3d8387839252f1a0fc6367f314446e4a2ebd0b"}, {"url": "https://git.kernel.org/stable/c/0f41f383b5a61a2bf6429a449ebba7fb08179d81"}, {"url": "https://git.kernel.org/stable/c/77f88b17387a017416babf1e6488fa17682287e2"}, {"url": "https://git.kernel.org/stable/c/47cb1d9278f179df8250304ec41009e3e836a926"}, {"url": "https://git.kernel.org/stable/c/c0f02536fffbbec71aced36d52a765f8c4493dc2"}], "title": "cpufreq: Avoid a bad reference count on CPU node", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-50012", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:28:30.584566Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:28:48.565Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-50012", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:28:30.584566Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:28:33.642Z"}}], "cna": {"title": "cpufreq: Avoid a bad reference count on CPU node", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "6c3d83878392", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "0f41f383b5a6", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "77f88b17387a", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "47cb1d9278f1", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "c0f02536fffb", "versionType": "git"}], "programFiles": ["include/linux/cpufreq.h"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "6.1.116", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.55", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.14", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11.3", "versionType": "semver", "lessThanOrEqual": "6.11.*"}, {"status": "unaffected", "version": "6.12-rc2", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["include/linux/cpufreq.h"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/6c3d8387839252f1a0fc6367f314446e4a2ebd0b"}, {"url": "https://git.kernel.org/stable/c/0f41f383b5a61a2bf6429a449ebba7fb08179d81"}, {"url": "https://git.kernel.org/stable/c/77f88b17387a017416babf1e6488fa17682287e2"}, {"url": "https://git.kernel.org/stable/c/47cb1d9278f179df8250304ec41009e3e836a926"}, {"url": "https://git.kernel.org/stable/c/c0f02536fffbbec71aced36d52a765f8c4493dc2"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: Avoid a bad reference count on CPU node\n\nIn the parse_perf_domain function, if the call to\nof_parse_phandle_with_args returns an error, then the reference to the\nCPU device node that was acquired at the start of the function would not\nbe properly decremented.\n\nAddress this by declaring the variable with the __free(device_node)\ncleanup attribute."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-08T15:57:55.346Z"}}}, "cveMetadata": {"cveId": "CVE-2024-50012", "state": "PUBLISHED", "dateUpdated": "2024-11-08T15:57:55.346Z", "dateReserved": "2024-10-21T12:17:06.061Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-10-21T18:54:04.377Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B527B5F-BDDA-424E-932E-16FCAAB575E2", "versionEndExcluding": "6.6.55", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C16BCE0-FFA0-4599-BE0A-1FD65101C021", "versionEndExcluding": "6.10.14", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9", "versionEndExcluding": "6.11.3", "versionStartIncluding": "6.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: Avoid a bad reference count on CPU node\n\nIn the parse_perf_domain function, if the call to\nof_parse_phandle_with_args returns an error, then the reference to the\nCPU device node that was acquired at the start of the function would not\nbe properly decremented.\n\nAddress this by declaring the variable with the __free(device_node)\ncleanup attribute."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cpufreq: evitar un recuento de referencia incorrecto en el nodo de CPU En la funci\u00f3n parse_perf_domain, si la llamada a of_parse_phandle_with_args devuelve un error, la referencia al nodo de dispositivo de CPU que se adquiri\u00f3 al inicio de la funci\u00f3n no se decrementar\u00eda correctamente. Aborde esto declarando la variable con el atributo de limpieza __free(device_node)."}], "id": "CVE-2024-50012", "lastModified": "2024-11-08T16:15:41.333", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-21T19:15:04.683", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0f41f383b5a61a2bf6429a449ebba7fb08179d81"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/47cb1d9278f179df8250304ec41009e3e836a926"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6c3d8387839252f1a0fc6367f314446e4a2ebd0b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/77f88b17387a017416babf1e6488fa17682287e2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c0f02536fffbbec71aced36d52a765f8c4493dc2"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: cpufreq: Avoid a bad reference count on CPU node", "id": "2320426", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320426"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ncpufreq: Avoid a bad reference count on CPU node\nIn the parse_perf_domain function, if the call to\nof_parse_phandle_with_args returns an error, then the reference to the\nCPU device node that was acquired at the start of the function would not\nbe properly decremented.\nAddress this by declaring the variable with the __free(device_node)\ncleanup attribute."], "name": "CVE-2024-50012", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-50012\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-50012\nhttps://lore.kernel.org/linux-cve-announce/2024102109-CVE-2024-50012-db7d@gregkh/T"], "threat_severity": "Moderate"}