Lucene search

K
osvGoogleOSV:CVE-2024-47733
HistoryOct 21, 2024 - 1:15 p.m.

CVE-2024-47733

2024-10-2113:15:03
Google
osv.dev
1
linux kernel
vulnerability
cve-2024-47733
netfs module
subtree
delete
remove_proc_subtree
software

AI Score

6.8

Confidence

Low

EPSS

0

Percentile

5.1%

In the Linux kernel, the following vulnerability has been resolved:

netfs: Delete subtree of ‘fs/netfs’ when netfs module exits

In netfs_init() or fscache_proc_init(), we create dentry under ‘fs/netfs’,
but in netfs_exit(), we only delete the proc entry of ‘fs/netfs’ without
deleting its subtree. This triggers the following WARNING:

==================================================================
remove_proc_entry: removing non-empty directory ‘fs/netfs’, leaking at least ‘requests’
WARNING: CPU: 4 PID: 566 at fs/proc/generic.c:717 remove_proc_entry+0x160/0x1c0
Modules linked in: netfs(-)
CPU: 4 UID: 0 PID: 566 Comm: rmmod Not tainted 6.11.0-rc3 #860
RIP: 0010:remove_proc_entry+0x160/0x1c0
Call Trace:
<TASK>
netfs_exit+0x12/0x620 [netfs]
__do_sys_delete_module.isra.0+0x14c/0x2e0
do_syscall_64+0x4b/0x110
entry_SYSCALL_64_after_hwframe+0x76/0x7e

Therefore use remove_proc_subtree() instead of remove_proc_entry() to
fix the above problem.

AI Score

6.8

Confidence

Low

EPSS

0

Percentile

5.1%