CVE-2024-39494

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-39494
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-39494.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-39494
Downstream
Related
Published
2024-07-12T12:20:30.348Z
Modified
2025-11-28T02:34:28.840693Z
Summary
ima: Fix use-after-free on a dentry's dname.name
Details

In the Linux kernel, the following vulnerability has been resolved:

ima: Fix use-after-free on a dentry's dname.name

->dname.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->dlock on dentry, ->dlock on its parent, ->irwsem exclusive on the parent's inode, rename_lock), but none of those are met at any of the sites. Take a stable snapshot of the name instead.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39494.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2fe5d6def1672ae6635dd71867bf36dcfaa7434b
Fixed
480afcbeb7aaaa22677d3dd48ec590b441eaac1a
Fixed
edf287bc610b18d7a9c0c0c1cb2e97b9348c71bb
Fixed
0b31e28fbd773aefb6164687e0767319b8199829
Fixed
7fb374981e31c193b1152ed8d3b0a95b671330d4
Fixed
dd431c3ac1fc34a9268580dd59ad3e3c76b32a8c
Fixed
a78a6f0da57d058e2009e9958fdcef66f165208c
Fixed
be84f32bb2c981ca670922e047cdde1488b233de

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.7.0
Fixed
5.4.291
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.235
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.174
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.97
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.35
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.9.6