6 matches found
CVE-2024-14027
In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput in fremovexattr error path In the Linux kernel, the fremovexattr syscall calls fdget to acquire a file reference but returns early without calling fdput when strncpyfromuser fails on the name argument. In...
AZL-79538 CVE-2024-14027 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput in fremovexattr error path In the Linux kernel, the fremovexattr syscall calls fdget to acquire a file reference but returns early without calling fdput when strncpyfromuser fails on the name argument. In...
UBUNTU-CVE-2024-14027
In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput in fremovexattr error path In the Linux kernel, the fremovexattr syscall calls fdget to acquire a file reference but returns early without calling fdput when strncpyfromuser fails on the name argument. In...
CVE-2024-14027
In the Linux kernel, CVE-2024-14027 affects the xattr path: fremovexattr() calls fdget() but omits fdput() on failure of strncpy_from_user() for the name argument, leaking a file reference per call in multi-threaded processes and enabling local kernel memory exhaustion by an unprivileged user. Th...
CVE-2024-14027 xattr: switch to CLASS(fd)
In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput in fremovexattr error path In the Linux kernel, the fremovexattr syscall calls fdget to acquire a file reference but returns early without calling fdput when strncpyfromuser fails on the name argument. In...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the absence of the fdput call in the fremovexattr error path. This vulnerability could potentiall...