CVE-2024-27389

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-27389
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27389.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-27389
Downstream
Related
Published
2024-05-01T13:15:51Z
Modified
2025-09-18T16:14:57Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

pstore: inode: Only d_invalidate() is needed

Unloading a modular pstore backend with records in pstorefs would trigger the dput() double-drop warning:

WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410

Using the combo of ddrop()/dput() (as mentioned in Documentation/filesystems/vfs.rst) isn't the right approach here, and leads to the reference counting problem seen above. Use dinvalidate() and update the code to not bother checking for error codes that can never happen.


References

Affected packages