CVE-2024-27389

Using the combo of ddrop()/dput() (as mentioned in Documentation/filesystems/vfs.rst) isn't the right approach here, and leads to the reference counting problem seen above. Use dinvalidate() and update the code to not bother checking for error codes that can never happen.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/cc431b3424123d84bcd7afd4de150b33f117a8ef/cves/2024/27xxx/CVE-2024-27389.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

609e28bb139e53621521130f0d4aea27a725d465

Fixed

db6e5e16f1ee9e3b01d2f71c7f0ba945f4bf0f4e

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

609e28bb139e53621521130f0d4aea27a725d465

Fixed

4cdf9006fc095af71da80e9b5f48a32e991b9ed3

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

609e28bb139e53621521130f0d4aea27a725d465

Fixed

cb9e802e49c24eeb3af35e9e8c04d526f35f112a

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

609e28bb139e53621521130f0d4aea27a725d465

Fixed

340682ed1932b8e3bd0bfc6c31a0c6354eb57cc6

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

609e28bb139e53621521130f0d4aea27a725d465

Fixed

a43e0fc5e9134a46515de2f2f8d4100b74e50de3

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.8.0

Fixed

6.1.83

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.23

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.7.11

Type: ECOSYSTEM
Events: Introduced

6.8.0

Fixed

6.8.2