CVE-2024-49870
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-49870
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49870.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-49870
- Downstream
- Related
- Published
- 2024-10-21T18:01:12Z
- Modified
- 2025-10-17T14:57:10.250713Z
- Summary
- cachefiles: fix dentry leak in cachefiles_open_file()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: fix dentry leak in cachefilesopenfile()
A dentry leak may be caused when a lookup cookie and a cull are concurrent:
P1 | P2
cachefileslookupcookie cachefileslookupobject lookuponepositiveunlocked // get dentry cachefilescull inode->iflags |= SKERNELFILE; cachefilesopenfile cachefilesmarkinodeinuse _cachefilesmarkinodeinuse canuse = false if (!(inode->iflags & SKERNELFILE)) canuse = true return false return false // Returns an error but doesn't put dentry
After that the following WARNING will be triggered when the backend folder is umounted:
================================================================== BUG: Dentry 000000008ad87947{i=7a,n=Dx11.img} still in use (1) [unmount of ext4 sda] WARNING: CPU: 4 PID: 359261 at fs/dcache.c:1767 umountcheck+0x5d/0x70 CPU: 4 PID: 359261 Comm: umount Not tainted 6.6.0-dirty #25 RIP: 0010:umountcheck+0x5d/0x70 Call Trace: <TASK> dwalk+0xda/0x2b0 doonetree+0x20/0x40 shrinkdcacheforumount+0x2c/0x90 genericshutdownsuper+0x20/0x160 killblocksuper+0x1a/0x40 ext4killsb+0x22/0x40 deactivatelockedsuper+0x35/0x80
cleanup_mnt+0x104/0x160
Whether cachefilesopenfile() returns true or false, the reference count obtained by lookuppositiveunlocked() in cachefileslookup_object() should be released.
Therefore release that reference count in cachefileslookup_object() to fix the above issue and simplify the code.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/7fa2382f97421978514a419c93054eca69f5247b
- https://git.kernel.org/stable/c/c7d10fa7d7691558ff967668494672415f5fa151
- https://git.kernel.org/stable/c/d32ff64c872d7e08e893c32ba6a2374583444410
- https://git.kernel.org/stable/c/da6ef2dffe6056aad3435e6cf7c6471c2a62187c
- https://git.kernel.org/stable/c/e4a28489b310339b2b8187bec0a437709be551c1
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1f08c925e7a38002bde509e66f6f891468848511Fixedd32ff64c872d7e08e893c32ba6a2374583444410
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1f08c925e7a38002bde509e66f6f891468848511Fixedc7d10fa7d7691558ff967668494672415f5fa151
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1f08c925e7a38002bde509e66f6f891468848511Fixede4a28489b310339b2b8187bec0a437709be551c1
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1f08c925e7a38002bde509e66f6f891468848511Fixed7fa2382f97421978514a419c93054eca69f5247b
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1f08c925e7a38002bde509e66f6f891468848511Fixedda6ef2dffe6056aad3435e6cf7c6471c2a62187c