CVE-2024-14027 Linux vulnerability

9 documents, 8 sources
Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 97.84%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Mar 9
Latest update: Mar 10

Description

In the Linux kernel, the following vulnerability has been resolved:

fs/xattr: missing fdput() in fremovexattr error path

In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a file reference but returns early without calling fdput() when strncpy_from_user() fails on the name argument. In multi-threaded processes where fdget() takes the slow path, this permanently leaks one file reference per call, pinning the struct file and associated kernel objects in memory. An unprivile

Affected Packages (3 packages)

Linux | linux/linux_kernel | 6.11.0 | 6.12.77
Debian | linux/linux_kernel | < 6.16.3-1
CVEListV5 | linux/linux | c03185f4a23e7f89d84c9981091770e876e64480 | 9a3a2ae5efbbcaed37551218abed94e23c537157 | +4

🔴 Vulnerability Details (4)

CVEList: xattr: switch to CLASS(fd) (2026-03-09)
OSV: xattr: switch to CLASS(fd) (2026-03-09)
GHSA: GHSA-h9jc-64qv-h9cg: In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput() in fremovexattr error path In the Linux kernel, the fr (2026-03-09)
OSV: CVE-2024-14027: In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput() in fremovexattr error path In the Linux kernel, the frem (2026-03-09)

📋 Vendor Advisories (3)

Microsoft: xattr: switch to CLASS(fd) (2026-03-10)
Red Hat: kernel: xattr: switch to CLASS(fd) (2026-03-09)
Debian: CVE-2024-14027: linux - In the Linux kernel, the following vulnerability has been resolved: fs/xattr: m... (2024)

🕵️ Threat Intelligence (1)

Wiz: CVE-2024-14027 Impact, Exploitability, and Mitigation Steps | Wiz