CVE-2024-43850: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove The following warning is seen during bwmon_remove due to refcount imbalance, fix this by releasing the OPPs after use. Logs: WARNING: at drivers/opp/core.c:1640 _opp_table_kref_release+0x150/0x158 Hardware name: Qualcomm Technologies, Inc. X1E80100 CRD (DT) ... Call trace: _opp_table_kref_release+0x150/0x158 dev_pm_opp_remove_table+0x100/0x1b4 devm_pm_opp_of_table_release+0x10/0x1c devm_action_release+0x14/0x20 devres_release_all+0xa4/0x104 device_unbind_cleanup+0x18/0x60 device_release_driver_internal+0x1ec/0x228 driver_detach+0x50/0x98 bus_remove_driver+0x6c/0xbc driver_unregister+0x30/0x60 platform_driver_unregister+0x14/0x20 bwmon_driver_exit+0x18/0x524 [icc_bwmon] __arm64_sys_delete_module+0x184/0x264 invoke_syscall+0x48/0x118 el0_svc_common.constprop.0+0xc8/0xe8 do_el0_svc+0x20/0x2c el0_svc+0x34/0xdc el0t_64_sync_handler+0x13c/0x158 el0t_64_sync+0x190/0x194 --[ end trace 0000000000000000 ]---
AI Analysis
Technical Summary
CVE-2024-43850 is a vulnerability identified in the Linux kernel specifically related to the Qualcomm interconnect bandwidth monitor (icc-bwmon) driver. The issue arises from a reference count imbalance during the removal process of the bandwidth monitor (bwmon_remove). This imbalance is caused by the failure to properly release Operating Performance Points (OPPs) after their use, leading to a warning in the kernel logs and potential instability. The kernel warning is triggered in the _opp_table_kref_release function within the OPP core driver, indicating that the reference count on the OPP table is not correctly decremented, which can cause resource leaks or improper cleanup. The call trace shows the sequence of function calls leading to the warning, involving device power management and driver unregistering routines. The hardware affected is Qualcomm Technologies, Inc. X1E80100 CRD, which suggests this vulnerability affects devices using Qualcomm SoCs with this interconnect bandwidth monitoring driver. Although no known exploits are reported in the wild, the vulnerability could lead to resource mismanagement, potentially causing kernel instability or denial of service conditions if the driver is repeatedly loaded and unloaded or if the reference count imbalance leads to memory corruption. The vulnerability is fixed by ensuring that OPPs are released correctly during the bwmon_remove process, preventing the refcount imbalance. This fix is critical for maintaining kernel stability and preventing potential cascading failures in systems relying on this driver. The vulnerability affects specific Linux kernel versions identified by the commit hash b9c2ae6cac403dee3195fda9eb28d8ee733b225b, indicating it is a recent issue resolved in the latest kernel updates.
Potential Impact
For European organizations, the impact of CVE-2024-43850 depends largely on the deployment of Linux systems running on Qualcomm hardware that utilize the icc-bwmon driver. This is particularly relevant for enterprises and service providers using embedded Linux devices, telecommunications infrastructure, and IoT devices powered by Qualcomm SoCs. The vulnerability could lead to kernel instability or denial of service, which in critical infrastructure or telecom environments could disrupt services or degrade performance. While the vulnerability does not appear to allow privilege escalation or remote code execution, the resulting instability could affect availability and reliability of systems. Organizations relying on Linux-based network equipment or edge devices with Qualcomm chipsets may experience increased maintenance overhead or unexpected reboots if the driver is triggered frequently. Given the absence of known exploits, the immediate risk is moderate; however, the potential for denial of service in critical systems warrants prompt attention. The impact on confidentiality and integrity is minimal, but availability could be compromised, which is significant for sectors such as telecommunications, manufacturing, and critical infrastructure prevalent in Europe.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel to the latest stable version that includes the patch fixing CVE-2024-43850. Specifically, ensure that systems running Qualcomm-based hardware with the icc-bwmon driver are patched to prevent the reference count imbalance. For embedded and IoT devices, coordinate with hardware vendors and device manufacturers to obtain firmware or kernel updates incorporating the fix. In environments where immediate patching is not feasible, monitor kernel logs for warnings related to _opp_table_kref_release and bwmon_remove to detect potential exploitation or instability. Implement strict change management and testing procedures for kernel updates to avoid service disruptions. Additionally, limit the frequent loading and unloading of the affected driver module as a temporary mitigation to reduce the risk of triggering the vulnerability. For critical infrastructure, consider deploying redundancy and failover mechanisms to maintain availability in case of kernel crashes. Finally, maintain an inventory of devices using Qualcomm SoCs and assess their exposure to this vulnerability to prioritize remediation efforts.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland
CVE-2024-43850: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove The following warning is seen during bwmon_remove due to refcount imbalance, fix this by releasing the OPPs after use. Logs: WARNING: at drivers/opp/core.c:1640 _opp_table_kref_release+0x150/0x158 Hardware name: Qualcomm Technologies, Inc. X1E80100 CRD (DT) ... Call trace: _opp_table_kref_release+0x150/0x158 dev_pm_opp_remove_table+0x100/0x1b4 devm_pm_opp_of_table_release+0x10/0x1c devm_action_release+0x14/0x20 devres_release_all+0xa4/0x104 device_unbind_cleanup+0x18/0x60 device_release_driver_internal+0x1ec/0x228 driver_detach+0x50/0x98 bus_remove_driver+0x6c/0xbc driver_unregister+0x30/0x60 platform_driver_unregister+0x14/0x20 bwmon_driver_exit+0x18/0x524 [icc_bwmon] __arm64_sys_delete_module+0x184/0x264 invoke_syscall+0x48/0x118 el0_svc_common.constprop.0+0xc8/0xe8 do_el0_svc+0x20/0x2c el0_svc+0x34/0xdc el0t_64_sync_handler+0x13c/0x158 el0t_64_sync+0x190/0x194 --[ end trace 0000000000000000 ]---
AI-Powered Analysis
Technical Analysis
CVE-2024-43850 is a vulnerability identified in the Linux kernel specifically related to the Qualcomm interconnect bandwidth monitor (icc-bwmon) driver. The issue arises from a reference count imbalance during the removal process of the bandwidth monitor (bwmon_remove). This imbalance is caused by the failure to properly release Operating Performance Points (OPPs) after their use, leading to a warning in the kernel logs and potential instability. The kernel warning is triggered in the _opp_table_kref_release function within the OPP core driver, indicating that the reference count on the OPP table is not correctly decremented, which can cause resource leaks or improper cleanup. The call trace shows the sequence of function calls leading to the warning, involving device power management and driver unregistering routines. The hardware affected is Qualcomm Technologies, Inc. X1E80100 CRD, which suggests this vulnerability affects devices using Qualcomm SoCs with this interconnect bandwidth monitoring driver. Although no known exploits are reported in the wild, the vulnerability could lead to resource mismanagement, potentially causing kernel instability or denial of service conditions if the driver is repeatedly loaded and unloaded or if the reference count imbalance leads to memory corruption. The vulnerability is fixed by ensuring that OPPs are released correctly during the bwmon_remove process, preventing the refcount imbalance. This fix is critical for maintaining kernel stability and preventing potential cascading failures in systems relying on this driver. The vulnerability affects specific Linux kernel versions identified by the commit hash b9c2ae6cac403dee3195fda9eb28d8ee733b225b, indicating it is a recent issue resolved in the latest kernel updates.
Potential Impact
For European organizations, the impact of CVE-2024-43850 depends largely on the deployment of Linux systems running on Qualcomm hardware that utilize the icc-bwmon driver. This is particularly relevant for enterprises and service providers using embedded Linux devices, telecommunications infrastructure, and IoT devices powered by Qualcomm SoCs. The vulnerability could lead to kernel instability or denial of service, which in critical infrastructure or telecom environments could disrupt services or degrade performance. While the vulnerability does not appear to allow privilege escalation or remote code execution, the resulting instability could affect availability and reliability of systems. Organizations relying on Linux-based network equipment or edge devices with Qualcomm chipsets may experience increased maintenance overhead or unexpected reboots if the driver is triggered frequently. Given the absence of known exploits, the immediate risk is moderate; however, the potential for denial of service in critical systems warrants prompt attention. The impact on confidentiality and integrity is minimal, but availability could be compromised, which is significant for sectors such as telecommunications, manufacturing, and critical infrastructure prevalent in Europe.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel to the latest stable version that includes the patch fixing CVE-2024-43850. Specifically, ensure that systems running Qualcomm-based hardware with the icc-bwmon driver are patched to prevent the reference count imbalance. For embedded and IoT devices, coordinate with hardware vendors and device manufacturers to obtain firmware or kernel updates incorporating the fix. In environments where immediate patching is not feasible, monitor kernel logs for warnings related to _opp_table_kref_release and bwmon_remove to detect potential exploitation or instability. Implement strict change management and testing procedures for kernel updates to avoid service disruptions. Additionally, limit the frequent loading and unloading of the affected driver module as a temporary mitigation to reduce the risk of triggering the vulnerability. For critical infrastructure, consider deploying redundancy and failover mechanisms to maintain availability in case of kernel crashes. Finally, maintain an inventory of devices using Qualcomm SoCs and assess their exposure to this vulnerability to prioritize remediation efforts.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-08-17T09:11:59.276Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9828c4522896dcbe208c
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 6/29/2025, 7:41:18 AM
Last updated: 7/28/2025, 6:17:05 PM
Views: 9
Related Threats
CVE-2025-50610: n/a
HighCVE-2025-50609: n/a
HighCVE-2025-50608: n/a
HighCVE-2025-55194: CWE-248: Uncaught Exception in Part-DB Part-DB-server
MediumCVE-2025-55197: CWE-400: Uncontrolled Resource Consumption in py-pdf pypdf
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.