CVE-2024-40910: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

ax25: Fix refcount imbalance on inbound connections

When releasing a socket in ax25_release(), we call netdev_put() to decrease the refcount on the associated ax.25 device. However, the execution path for accepting an incoming connection never calls netdev_hold(). This imbalance leads to refcount errors, and ultimately to kernel crashes.

A typical call trace for the above situation will start with one of the following errors:

    refcount_t: decrement hit 0; leaking memory.
    refcount_t: underflow; use-after-free.

And will then have a trace like:

    Call Trace:
    <TASK>
    ? show_regs+0x64/0x70
    ? __warn+0x83/0x120
    ? refcount_warn_saturate+0xb2/0x100
    ? report_bug+0x158/0x190
    ? prb_read_valid+0x20/0x30
    ? handle_bug+0x3e/0x70
    ? exc_invalid_op+0x1c/0x70
    ? asm_exc_invalid_op+0x1f/0x30
    ? refcount_warn_saturate+0xb2/0x100
    ? refcount_warn_saturate+0xb2/0x100
    ax25_release+0x2ad/0x360
    __sock_release+0x35/0xa0
    sock_close+0x19/0x20
    [...]

On reboot (or any attempt to remove the interface), the kernel gets stuck in an infinite loop:

    unregister_netdevice: waiting for ax0 to become free. Usage count = 0

This patch corrects these issues by ensuring that we call netdev_hold() and ax25_dev_hold() for new connections in ax25_accept(). This makes the logic leading to ax25_accept() match the logic for ax25_bind(): in both cases we increment the refcount, which is ultimately decremented in ax25_release().
AI Analysis
Technical Summary
CVE-2024-40910 is a vulnerability identified in the Linux kernel's AX.25 protocol implementation, specifically related to reference count management on inbound connections. AX.25 is a protocol used primarily in amateur packet radio networks, and its implementation in the Linux kernel manages network devices and sockets accordingly. The vulnerability arises from a refcount imbalance in the ax25_release() function, where netdev_put() is called to decrement the reference count on the associated AX.25 device when a socket is released. However, the execution path for accepting incoming connections via ax25_accept() does not call netdev_hold(), which would increment the reference count. This mismatch causes the reference count to be decremented without a corresponding increment, leading to refcount underflow errors. These errors manifest as kernel warnings such as "refcount_t: decrement hit 0; leaking memory" and "refcount_t: underflow; use-after-free," followed by kernel crashes. Additionally, attempts to reboot or remove the affected network interface result in the kernel hanging in an infinite loop waiting for the interface to become free, due to the incorrect reference count state. The patch for this vulnerability ensures that netdev_hold() and ax25_dev_hold() are called for new connections in ax25_accept(), aligning the reference count increment logic with that of ax25_bind(). This correction prevents the refcount imbalance and the resulting kernel instability. While AX.25 is a niche protocol, the vulnerability affects Linux kernel versions containing the specified commits and hashes, and can cause denial of service through kernel crashes and system hangs. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
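The hold/put pairing described above can be shown with a small userspace model. This is an added example, not kernel code and not part of the original advisory; the struct and function names are hypothetical, and the counter starts at zero for simplicity.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model with hypothetical names; not kernel code. */
struct model_dev {
    int  refcnt;      /* references currently held on the device */
    bool unbalanced;  /* set when a put arrives with no reference left */
};

/* Stand-ins for the kernel's netdev_hold() / netdev_put(). */
static void dev_hold(struct model_dev *d) { d->refcnt++; }
static void dev_put(struct model_dev *d)
{
    if (d->refcnt == 0)
        d->unbalanced = true;   /* where refcount_t would warn */
    else
        d->refcnt--;
}

/* bind path: takes a reference, as the advisory describes for ax25_bind() */
static void model_bind(struct model_dev *d) { dev_hold(d); }
/* accept path: before the patch, no reference is taken for the new socket */
static void model_accept(struct model_dev *d, bool patched) { if (patched) dev_hold(d); }
/* release path: always drops one reference, as ax25_release() does */
static void model_release(struct model_dev *d) { dev_put(d); }

/* Bind one listener, accept n inbound connections, then close every socket.
 * Returns true if any release had no matching hold. */
bool run_scenario(int n_inbound, bool patched, int *final_refcnt)
{
    struct model_dev dev = { 0, false };
    model_bind(&dev);
    for (int i = 0; i < n_inbound; i++)
        model_accept(&dev, patched);
    for (int i = 0; i < n_inbound + 1; i++)
        model_release(&dev);
    *final_refcnt = dev.refcnt;
    return dev.unbalanced;
}

int main(void)
{
    int rc;
    printf("unpatched: unbalanced=%d\n", run_scenario(2, false, &rc));
    printf("patched:   unbalanced=%d\n", run_scenario(2, true, &rc));
    return 0;
}
```

In the unpatched scenario the first close consumes the reference taken at bind time, and every later close is a put with nothing to match it.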
Potential Impact
For European organizations, the impact of CVE-2024-40910 largely depends on the use of Linux systems running the vulnerable kernel versions and specifically utilizing the AX.25 protocol. Although AX.25 is primarily used in amateur radio and specialized communication systems, certain research institutions, emergency communication networks, or niche industrial applications in Europe might rely on it. Exploitation of this vulnerability can lead to kernel crashes and system hangs, resulting in denial of service (DoS). This could disrupt critical services or communications if such systems are part of operational infrastructure. The infinite loop on interface removal or system reboot could complicate recovery efforts, increasing downtime. Given the lack of authentication or user interaction requirements, an attacker with network access to the affected AX.25 interface could potentially trigger the vulnerability remotely. However, the limited deployment of AX.25 reduces the broad impact. Still, organizations involved in amateur radio, emergency services, or specialized communication sectors in Europe should consider this a significant risk to system stability and availability.
Mitigation Recommendations
To mitigate CVE-2024-40910, European organizations should:
1) Apply the official Linux kernel patches that address the reference count imbalance in the AX.25 implementation as soon as they become available from trusted Linux distributions or kernel maintainers.
2) If patching is not immediately feasible, consider disabling the AX.25 protocol support in the kernel configuration or unloading the ax25 kernel module to prevent exposure.
3) Monitor systems for kernel warnings related to refcount underflow or memory leaks, and investigate any unexpected kernel crashes or interface removal issues.
4) Restrict network access to AX.25 interfaces to trusted users and networks, minimizing the attack surface.
5) Implement robust system monitoring and automated recovery mechanisms to handle potential kernel panics or hangs caused by this vulnerability.
6) Coordinate with vendors and maintain awareness of updates regarding this vulnerability to ensure timely remediation.
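For the monitoring step, one way to triage kernel log lines for the messages quoted in the description. This is an added example, not part of the original advisory; the flag names and the 25-line trace window are assumptions, and the sample log is constructed from the quoted messages.

```c
#include <stdio.h>
#include <string.h>

#define F_REFCOUNT_WARN   0x1u /* a refcount_t warning quoted in the advisory */
#define F_AX25_RELEASE    0x2u /* ax25_release frame in the trace that follows */
#define F_UNREGISTER_HANG 0x4u /* unregister_netdevice stuck waiting on a device */
#define TRACE_WINDOW      25   /* assumed max lines from warning to the frame */

/* Scan kernel log lines and return the F_* indicators that were seen. */
unsigned scan_kernel_log(const char *const *lines, size_t n)
{
    unsigned flags = 0;
    size_t since_warn = TRACE_WINDOW + 1;   /* no warning seen yet */
    for (size_t i = 0; i < n; i++) {
        const char *l = lines[i];
        if (strstr(l, "refcount_t: decrement hit 0; leaking memory") ||
            strstr(l, "refcount_t: underflow; use-after-free")) {
            flags |= F_REFCOUNT_WARN;
            since_warn = 0;
        } else if (since_warn < TRACE_WINDOW) {
            since_warn++;
            if (strstr(l, "ax25_release+"))   /* ties the warning to AX.25 */
                flags |= F_AX25_RELEASE;
        }
        if (strstr(l, "unregister_netdevice: waiting for ") &&
            strstr(l, " to become free"))
            flags |= F_UNREGISTER_HANG;
    }
    return flags;
}

/* Constructed sample, assembled from the messages quoted in the advisory. */
static const char *const sample[] = {
    "refcount_t: underflow; use-after-free.",
    "Call Trace:",
    " <TASK>",
    " ? refcount_warn_saturate+0xb2/0x100",
    " ax25_release+0x2ad/0x360",
    " __sock_release+0x35/0xa0",
    "unregister_netdevice: waiting for ax0 to become free. Usage count = 0",
};

int main(void)
{
    unsigned f = scan_kernel_log(sample, sizeof sample / sizeof sample[0]);
    printf("refcount=%d ax25_release=%d unregister_hang=%d\n",
           !!(f & F_REFCOUNT_WARN), !!(f & F_AX25_RELEASE), !!(f & F_UNREGISTER_HANG));
    return 0;
}
```

A refcount warning alone is not specific to AX.25; the ax25_release frame inside the trace window is what links it to this issue, and the unregister_netdevice message matches any device name.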
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-07-12T12:17:45.580Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9821c4522896dcbdde83
Added to database: 5/21/2025, 9:08:49 AM
Last enriched: 6/28/2025, 4:10:25 AM
Last updated: 8/1/2025, 12:28:23 PM