CVE-2024-39276
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-39276
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-39276.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-39276
- Downstream
- Related
- Published
- 2024-06-25T14:22:38.886Z
- Modified
- 2025-11-28T02:34:32.759666Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix mbcacheentry's erefcnt leak in ext4xattrblockcache_find()
Syzbot reports a warning as follows:
============================================ WARNING: CPU: 0 PID: 5075 at fs/mbcache.c:419 mbcachedestroy+0x224/0x290 Modules linked in: CPU: 0 PID: 5075 Comm: syz-executor199 Not tainted 6.9.0-rc6-gb947cc5bf6d7 RIP: 0010:mbcachedestroy+0x224/0x290 fs/mbcache.c:419 Call Trace: <TASK> ext4putsuper+0x6d4/0xcd0 fs/ext4/super.c:1375 genericshutdownsuper+0x136/0x2d0 fs/super.c:641 killblocksuper+0x44/0x90 fs/super.c:1675 ext4killsb+0x68/0xa0 fs/ext4/super.c:7327
[...]
This is because when finding an entry in ext4xattrblockcachefind(), if ext4sbbread() returns -ENOMEM, the ce's erefcnt, which has already grown in the _entryfind(), won't be put away, and eventually trigger the above issue in mbcache_destroy() due to reference count leakage.
So call mbcacheentry_put() on the -ENOMEM error branch as a quick fix.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39276.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0c0b4a49d3e7f49690a6827a41faeffad5df7e21
- https://git.kernel.org/stable/c/681ff9a09accd8a4379f8bd30b7a1641ee19bb3e
- https://git.kernel.org/stable/c/76dc776153a47372719d664e0fc50d6355791abb
- https://git.kernel.org/stable/c/896a7e7d0d555ad8b2b46af0c2fa7de7467f9483
- https://git.kernel.org/stable/c/9ad75e78747b5a50dc5a52f0f8e92e920a653f16
- https://git.kernel.org/stable/c/a95df6f04f2c37291adf26a74205cde0314d4577
- https://git.kernel.org/stable/c/b37c0edef4e66fb21a2fbc211471195a383e5ab8
- https://git.kernel.org/stable/c/e941b712e758f615d311946bf98216e79145ccd9
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39276.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-39276
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedb878c8a7f08f0c225b6a46ba1ac867e9c5d17807Fixed9ad75e78747b5a50dc5a52f0f8e92e920a653f16
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfb265c9cb49e2074ddcdd4de99728aefdd3b3592Fixed896a7e7d0d555ad8b2b46af0c2fa7de7467f9483Fixed76dc776153a47372719d664e0fc50d6355791abbFixed681ff9a09accd8a4379f8bd30b7a1641ee19bb3eFixede941b712e758f615d311946bf98216e79145ccd9Fixeda95df6f04f2c37291adf26a74205cde0314d4577Fixedb37c0edef4e66fb21a2fbc211471195a383e5ab8Fixed0c0b4a49d3e7f49690a6827a41faeffad5df7e21
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected9da1f6d06b7a6d068e68fcfd7cbbf6b586d888e1Last affected81313ed2c705d958744882a269bf4a5e3ddec95e
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.19.316
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.278
- Type
- ECOSYSTEM
- Events
-
Introduced5.0.0Fixed5.10.219
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.15.161
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed6.1.94
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.6.34
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.9.5