AZL-67496

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67496.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-67496

Upstream

CVE-2024-27389

Published

2024-05-01T13:15:51Z

Modified

2026-04-01T05:21:13.289383Z

Summary

CVE-2024-27389 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

pstore: inode: Only d_invalidate() is needed

Unloading a modular pstore backend with records in pstorefs would trigger the dput() double-drop warning:

WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410

Using the combo of ddrop()/dput() (as mentioned in Documentation/filesystems/vfs.rst) isn't the right approach here, and leads to the reference counting problem seen above. Use dinvalidate() and update the code to not bother checking for error codes that can never happen.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-27389

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67496.json"