CVE-2024-50021

{"id": "CVE-2024-50021", "cveTags": [], "metrics": {}, "published": "2024-10-21T20:15:15.630", "references": [{"url": "https://git.kernel.org/stable/c/aefecead9d08f4a35ab6f51ba2e408d2cef4e31d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ccca30a18e36a742e606d5bf0630e75be7711d0a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper handling of refcount in ice_dpll_init_rclk_pins()\n\nThis patch addresses a reference count handling issue in the\nice_dpll_init_rclk_pins() function. The function calls ice_dpll_get_pins(),\nwhich increments the reference count of the relevant resources. However,\nif the condition WARN_ON((!vsi || !vsi->netdev)) is met, the function\ncurrently returns an error without properly releasing the resources\nacquired by ice_dpll_get_pins(), leading to a reference count leak.\n\nTo resolve this, the check has been moved to the top of the function. This\nensures that the function verifies the state before any resources are\nacquired, avoiding the need for additional resource management in the\nerror path.\n\nThis bug was identified by an experimental static analysis tool developed\nby our team. The tool specializes in analyzing reference count operations\nand detecting potential issues where resources are not properly managed.\nIn this case, the tool flagged the missing release operation as a\npotential problem, which led to the development of this patch."}], "lastModified": "2024-10-21T20:15:15.630", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}