CVE-2024-26993
Vulnerability from cvelistv5
Published
2024-05-01 05:28
Modified
2024-11-05 09:19
Severity ?
Summary
fs: sysfs: Fix reference leak in sysfs_break_active_protection()
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26993",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-01T13:37:12.333218Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:44.436Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.900Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f28bba37fe244889b81bb5c508d3f6e5c6e342c5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/57baab0f376bec8f54b0fe6beb8f77a57c228063"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/84bd4c2ae9c3d0a7d3a5c032ea7efff17af17e17"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/43f00210cb257bcb0387e8caeb4b46375d67f30c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5d43e072285e81b0b63cee7189b3357c7768a43b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ac107356aabc362aaeb77463e814fc067a5d3957"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a4c99b57d43bab45225ba92d574a8683f9edc8e4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a90bca2228c0646fc29a72689d308e5fe03e6d78"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/sysfs/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f28bba37fe24",
              "status": "affected",
              "version": "2afc9166f79b",
              "versionType": "git"
            },
            {
              "lessThan": "57baab0f376b",
              "status": "affected",
              "version": "2afc9166f79b",
              "versionType": "git"
            },
            {
              "lessThan": "84bd4c2ae9c3",
              "status": "affected",
              "version": "2afc9166f79b",
              "versionType": "git"
            },
            {
              "lessThan": "43f00210cb25",
              "status": "affected",
              "version": "2afc9166f79b",
              "versionType": "git"
            },
            {
              "lessThan": "5d43e072285e",
              "status": "affected",
              "version": "2afc9166f79b",
              "versionType": "git"
            },
            {
              "lessThan": "ac107356aabc",
              "status": "affected",
              "version": "2afc9166f79b",
              "versionType": "git"
            },
            {
              "lessThan": "a4c99b57d43b",
              "status": "affected",
              "version": "2afc9166f79b",
              "versionType": "git"
            },
            {
              "lessThan": "a90bca2228c0",
              "status": "affected",
              "version": "2afc9166f79b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/sysfs/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.19"
            },
            {
              "lessThan": "4.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.157",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: sysfs: Fix reference leak in sysfs_break_active_protection()\n\nThe sysfs_break_active_protection() routine has an obvious reference\nleak in its error path.  If the call to kernfs_find_and_get() fails then\nkn will be NULL, so the companion sysfs_unbreak_active_protection()\nroutine won\u0027t get called (and would only cause an access violation by\ntrying to dereference kn-\u003eparent if it was called).  As a result, the\nreference to kobj acquired at the start of the function will never be\nreleased.\n\nFix the leak by adding an explicit kobject_put() call when kn is NULL."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:19:33.795Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f28bba37fe244889b81bb5c508d3f6e5c6e342c5"
        },
        {
          "url": "https://git.kernel.org/stable/c/57baab0f376bec8f54b0fe6beb8f77a57c228063"
        },
        {
          "url": "https://git.kernel.org/stable/c/84bd4c2ae9c3d0a7d3a5c032ea7efff17af17e17"
        },
        {
          "url": "https://git.kernel.org/stable/c/43f00210cb257bcb0387e8caeb4b46375d67f30c"
        },
        {
          "url": "https://git.kernel.org/stable/c/5d43e072285e81b0b63cee7189b3357c7768a43b"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac107356aabc362aaeb77463e814fc067a5d3957"
        },
        {
          "url": "https://git.kernel.org/stable/c/a4c99b57d43bab45225ba92d574a8683f9edc8e4"
        },
        {
          "url": "https://git.kernel.org/stable/c/a90bca2228c0646fc29a72689d308e5fe03e6d78"
        }
      ],
      "title": "fs: sysfs: Fix reference leak in sysfs_break_active_protection()",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26993",
    "datePublished": "2024-05-01T05:28:02.462Z",
    "dateReserved": "2024-02-19T14:20:24.206Z",
    "dateUpdated": "2024-11-05T09:19:33.795Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-26993\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-01T06:15:17.110\",\"lastModified\":\"2024-11-05T10:16:14.807\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nfs: sysfs: Fix reference leak in sysfs_break_active_protection()\\n\\nThe sysfs_break_active_protection() routine has an obvious reference\\nleak in its error path.  If the call to kernfs_find_and_get() fails then\\nkn will be NULL, so the companion sysfs_unbreak_active_protection()\\nroutine won\u0027t get called (and would only cause an access violation by\\ntrying to dereference kn-\u003eparent if it was called).  As a result, the\\nreference to kobj acquired at the start of the function will never be\\nreleased.\\n\\nFix the leak by adding an explicit kobject_put() call when kn is NULL.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs: sysfs: corrige la fuga de referencia en sysfs_break_active_protection() La rutina sysfs_break_active_protection() tiene una fuga de referencia obvia en su ruta de error. Si la llamada a kernfs_find_and_get() falla, entonces kn ser\u00e1 NULL, por lo que no se llamar\u00e1 a la rutina complementaria sysfs_unbreak_active_protection() (y solo causar\u00eda una infracci\u00f3n de acceso al intentar eliminar la referencia a kn-\u0026gt;parent si se llamara). Como resultado, la referencia a kobj adquirida al inicio de la funci\u00f3n nunca se publicar\u00e1. Solucione la fuga agregando una llamada expl\u00edcita a kobject_put() cuando kn sea NULL.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/43f00210cb257bcb0387e8caeb4b46375d67f30c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/57baab0f376bec8f54b0fe6beb8f77a57c228063\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5d43e072285e81b0b63cee7189b3357c7768a43b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/84bd4c2ae9c3d0a7d3a5c032ea7efff17af17e17\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a4c99b57d43bab45225ba92d574a8683f9edc8e4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a90bca2228c0646fc29a72689d308e5fe03e6d78\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ac107356aabc362aaeb77463e814fc067a5d3957\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f28bba37fe244889b81bb5c508d3f6e5c6e342c5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.