CVE Catalog

CVE-2024-14027

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile - higher than 11% of all known CVEs

Summary

In the Linux kernel, a vulnerability was found in the fremovexattr() syscall where the error path of strncpy_from_user() misses a fdput() call. This causes a permanent file reference leak, which in multi-threaded processes can lead to kernel memory exhaustion.

Risk Assessment

An unprivileged local user can exploit this vulnerability to intentionally exhaust kernel memory, leading to a denial of service (DoS) for the entire system.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit a71874379ec8) or apply the appropriate security patch provided by your distribution.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput() in fremovexattr error path In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a file reference but returns early without calling fdput() when strncpy_from_user() fails on the name argument. In multi-threaded processes where fdget() takes the slow path, this permanently leaks one file reference per call, pinning the struct file and associated kernel objects in memory. An unprivileged local user can exploit this to cause kernel memory exhaustion. The issue was inadvertently fixed by commit a71874379ec8 ("xattr: switch to CLASS(fd)").

Vulnerability data from NVD (NIST) · CISA KEV · EPSS