CVE-2024-14027
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk11th percentile - higher than 11% of all known CVEs
Summary
In the Linux kernel, a vulnerability was found in the fremovexattr() syscall where the error path of strncpy_from_user() misses a fdput() call. This causes a permanent file reference leak, which in multi-threaded processes can lead to kernel memory exhaustion.
Risk Assessment
An unprivileged local user can exploit this vulnerability to intentionally exhaust kernel memory, leading to a denial of service (DoS) for the entire system.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit a71874379ec8) or apply the appropriate security patch provided by your distribution.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput() in fremovexattr error path In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a file reference but returns early without calling fdput() when strncpy_from_user() fails on the name argument. In multi-threaded processes where fdget() takes the slow path, this permanently leaks one file reference per call, pinning the struct file and associated kernel objects in memory. An unprivileged local user can exploit this to cause kernel memory exhaustion. The issue was inadvertently fixed by commit a71874379ec8 ("xattr: switch to CLASS(fd)").

