CVE-2024-44971

net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()

Description

In the Linux kernel, the following vulnerability has been resolved: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() bcm_sf2_mdio_register() calls of_phy_find_device() and then phy_device_remove() in a loop to remove existing PHY devices. of_phy_find_device() eventually calls bus_find_device(), which calls get_device() on the returned struct device * to increment the refcount. The current implementation does not decrement the refcount, which causes memory leak. This commit adds the missing phy_device_free() call to decrement the refcount via put_device() to balance the refcount.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.06%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/b7b8d9f5e679af60c94251fd6728dde34be69a71 patch
https://git.kernel.org/stable/c/c05516c072903f6fb9134b8e7e1ad4bffcdc4819 patch
https://git.kernel.org/stable/c/7feef10768ea71d468d9bbc1e0d14c461876768c patch
https://git.kernel.org/stable/c/a7d2808d67570e6acae45c2a96e0d59986888e4c patch
https://git.kernel.org/stable/c/f3d5efe18a11f94150fee8b3fda9d62079af640a patch
https://git.kernel.org/stable/c/e3862093ee93fcfbdadcb7957f5f8974fffa806a patch

Frequently Asked Questions

What is the severity of CVE-2024-44971?
CVE-2024-44971 has been scored as a medium severity vulnerability.
How to fix CVE-2024-44971?
To fix CVE-2024-44971, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-44971 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-44971 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-44971?
CVE-2024-44971 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.