CVE-2024-39494

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-39494
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-39494.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-39494
Downstream
Related
Published
2024-07-12T12:20:30.348Z
Modified
2026-05-15T11:54:34.193920638Z
Summary
ima: Fix use-after-free on a dentry's dname.name
Details

In the Linux kernel, the following vulnerability has been resolved:

ima: Fix use-after-free on a dentry's dname.name

->dname.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->dlock on dentry, ->dlock on its parent, ->irwsem exclusive on the parent's inode, rename_lock), but none of those are met at any of the sites. Take a stable snapshot of the name instead.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39494.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.7.0
Fixed
5.4.291
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.235
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.174
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.97
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.35
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.9.6

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-39494.json"