CVE-2024-27389

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-27389

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27389.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-27389

Downstream

BELL-CVE-2024-27389

OESA-2024-1679

OESA-2024-1680

OESA-2024-1681

OESA-2024-1682

RHSA-2024:9315

SUSE-SU-2024:1641-1

SUSE-SU-2024:1644-1

SUSE-SU-2024:1647-1

SUSE-SU-2024:1659-1

SUSE-SU-2024:1663-1

SUSE-SU-2024:2135-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2973-1

UBUNTU-CVE-2024-27389

USN-6816-1

USN-6817-1

USN-6817-2

USN-6817-3

USN-6878-1

Related

Published

2024-05-01T13:15:51Z

Modified

2025-09-18T16:14:57Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

pstore: inode: Only d_invalidate() is needed

Unloading a modular pstore backend with records in pstorefs would trigger the dput() double-drop warning:

WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410

Using the combo of ddrop()/dput() (as mentioned in Documentation/filesystems/vfs.rst) isn't the right approach here, and leads to the reference counting problem seen above. Use dinvalidate() and update the code to not bother checking for error codes that can never happen.

References

Affected packages