What is CVE-2024-44971?

CVE-2024-44971 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10, classified as a Memory Leak flaw (CWE-401). CVE-2024-44971 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-44971?

CVE-2024-44971 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-44971?

No patch is currently available for CVE-2024-44971. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2024-44971 actively exploited?

CVE-2024-44971 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is Memory Leak (CWE-401)?

The product does not release memory after use, causing gradual resource exhaustion. See MITRE CWE for full details: https://cwe.mitre.org/data/definitions/401.html

CVE-2024-44971

Medium

In the Linux kernel, the following vulnerability has been resolved: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() bcm_sf2_mdio_register() calls of_phy_find_device() and then phy_device_remove() in a loop to remove existing PHY devices. of_phy_find_device() eventually calls bus_find_device(), which calls get_device() on the returned struct device * to increment the refcount. The current implementation does not decrement the refcount, which causes memory leak. This commit adds the missing phy_device_free() call to decrement the refcount via put_device() to balance the refcount.

Package Linux Kernel

Published 2024-09-04

Last modified 2025-11-03

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-401

CVE-2024-44971 is a Memory Leak vulnerability

What is Memory Leak?

The product does not release memory after use, causing gradual resource exhaustion. Learn more on MITRE CWE

References

The following references provide additional information about CVE-2024-44971 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Debian Security
https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
Debian Security
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Kernel patch commit
https://git.kernel.org/stable/c/7feef10768ea71d468d9bbc1e0d14c461876768c
Patch
Kernel patch commit
https://git.kernel.org/stable/c/a7d2808d67570e6acae45c2a96e0d59986888e4c
Patch
Kernel patch commit
https://git.kernel.org/stable/c/b7b8d9f5e679af60c94251fd6728dde34be69a71
Patch

6 patch commits total View all on NVD

Details

CVE ID CVE-2024-44971

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-09-04

Modified 2025-11-03

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2024-44971?

CVE-2024-44971 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 , classified as a Memory Leak flaw (CWE-401) . CVE-2024-44971 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-44971?

CVE-2024-44971 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-44971?

No patch is currently available for CVE-2024-44971. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2024-44971 actively exploited?

No — CVE-2024-44971 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is Memory Leak (CWE-401)?

The product does not release memory after use, causing gradual resource exhaustion. View CWE-401 on MITRE CWE →