CVE-2024-39494

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-39494
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-39494.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-39494
Downstream
Related
Published
2024-07-12T12:20:30.348Z
Modified
2026-03-13T07:57:01.560055Z
Summary
ima: Fix use-after-free on a dentry's dname.name
Details

In the Linux kernel, the following vulnerability has been resolved:

ima: Fix use-after-free on a dentry's dname.name

->dname.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->dlock on dentry, ->dlock on its parent, ->irwsem exclusive on the parent's inode, rename_lock), but none of those are met at any of the sites. Take a stable snapshot of the name instead.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39494.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2fe5d6def1672ae6635dd71867bf36dcfaa7434b
Fixed
480afcbeb7aaaa22677d3dd48ec590b441eaac1a
Fixed
edf287bc610b18d7a9c0c0c1cb2e97b9348c71bb
Fixed
0b31e28fbd773aefb6164687e0767319b8199829
Fixed
7fb374981e31c193b1152ed8d3b0a95b671330d4
Fixed
dd431c3ac1fc34a9268580dd59ad3e3c76b32a8c
Fixed
a78a6f0da57d058e2009e9958fdcef66f165208c
Fixed
be84f32bb2c981ca670922e047cdde1488b233de

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-39494.json"