{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T11:25:11.434","vulnerabilities":[{"cve":{"id":"CVE-2024-53075","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-11-19T18:15:27.077","lastModified":"2025-03-13T13:15:42.093","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Prevent a bad reference count on CPU nodes\n\nWhen populating cache leaves we previously fetched the CPU device node\nat the very beginning. But when ACPI is enabled we go through a\nspecific branch which returns early and does not call 'of_node_put' for\nthe node that was acquired.\n\nSince we are not using a CPU device node for the ACPI code anyways, we\ncan simply move the initialization of it just passed the ACPI block, and\nwe are guaranteed to have an 'of_node_put' call for the acquired node.\nThis prevents a bad reference count of the CPU device node.\n\nMoreover, the previous function did not check for errors when acquiring\nthe device node, so a return -ENOENT has been added for that case."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: riscv: Evitar un recuento de referencia incorrecto en los nodos de CPU Al rellenar las hojas de caché, anteriormente obteníamos el nodo del dispositivo de CPU al principio. Pero cuando ACPI está habilitado, pasamos por una rama específica que regresa temprano y no llama a 'of_node_put' para el nodo que se adquirió. Dado que de todos modos no estamos usando un nodo de dispositivo de CPU para el código ACPI, simplemente podemos mover la inicialización del mismo justo después del bloque ACPI, y tenemos la garantía de tener una llamada 'of_node_put' para el nodo adquirido. Esto evita un recuento de referencia incorrecto del nodo del dispositivo de CPU. Además, la función anterior no verificaba si había errores al adquirir el nodo del dispositivo, por lo que se agregó un retorno -ENOENT para ese caso."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.11.7","matchCriteriaId":"386941FE-51A4-4893-9EC3-054AD3863E8D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*","matchCriteriaId":"7F361E1D-580F-4A2D-A509-7615F73167A1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"3C95E234-D335-4B6C-96BF-E2CEBD8654ED"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"E0F717D8-3014-4F84-8086-0124B2111379"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"24DBE6C7-2AAE-4818-AED2-E131F153D2FA"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/303846a3dc275e35fbb556d72f1e356ba669e4f8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/37233169a6ea912020c572f870075a63293b786a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/80aec5a855106c668b5978c48e789f010198b832","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}}]}