CVE-2024-56549
- Source
- https://cve.org/CVERecord?id=CVE-2024-56549
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56549.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-56549
- Downstream
- Related
- Published
- 2024-12-27T14:11:30.336Z
- Modified
- 2026-03-20T12:39:50.572835Z
- Summary
- cachefiles: Fix NULL pointer dereference in object->file
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: Fix NULL pointer dereference in object->file
At present, the object->file has the NULL pointer dereference problem in ondemand-mode. The root cause is that the allocated fd and object->file lifetime are inconsistent, and the user-space invocation to anon_fd uses object->file. Following is the process that triggers the issue:
[write fd] [umount]cachefilesondemandfdwriteiter fscachecookiestatemachine cachefileswithdrawcookie if (!file) return -ENOBUFS cachefilescleanupobject cachefilesunmarkinodeinuse fput(object->file) object->file = NULL // file NULL pointer dereference! _cachefileswrite(..., file, ...)
Fix this issue by add an additional reference count to the object->file before write/llseek, and decrement after it finished.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56549.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/31ad74b20227ce6b40910ff78b1c604e42975cf1
- https://git.kernel.org/stable/c/785408bbafcfa24c9fc5b251f03fd0780ce182bd
- https://git.kernel.org/stable/c/9582c7664103c9043e80a78f5c382aa6bdd67418
- https://git.kernel.org/stable/c/d6bba3ece960129a553d4b16f1b00c884dc0993a
- https://git.kernel.org/stable/c/f98770440c9bc468e2fd878212ec9526dbe08293
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56549.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-56549
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc8383054506c77b814489c09877b5db83fd4abf2Fixedd6bba3ece960129a553d4b16f1b00c884dc0993aFixed785408bbafcfa24c9fc5b251f03fd0780ce182bdFixedf98770440c9bc468e2fd878212ec9526dbe08293Fixed9582c7664103c9043e80a78f5c382aa6bdd67418Fixed31ad74b20227ce6b40910ff78b1c604e42975cf1