CVE-2024-14027

In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a file reference but returns early without calling fdput() when strncpyfromuser() fails on the name argument. In multi-threaded processes where fdget() takes the slow path, this permanently leaks one file reference per call, pinning the struct file and associated kernel objects in memory. An unprivileged local user can exploit this to cause kernel memory exhaustion. The issue was inadvertently fixed by commit a71874379ec8 ("xattr: switch to CLASS(fd)").

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/14xxx/CVE-2024-14027.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c3a5e3e872f3688ae0dc57bb78ca633921d96a91

Fixed

d151b94967c8247005435b63fc60f8f4baa320da

Fixed

a71874379ec8c6e788a61d71b3ad014a8d9a5c08

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c03185f4a23e7f89d84c9981091770e876e64480

Last affected

8d5863cb33aa424fc27115ee945ad6b96ae2facb

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-14027.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.11.0

Fixed

6.12.77

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-14027.json"