CVE-2024-14027
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/03/2026
Last modified:
09/03/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

fs/xattr: missing fdput() in fremovexattr error path

In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a file reference but returns early without calling fdput() when strncpy_from_user() fails on the name argument. In multi-threaded processes where fdget() takes the slow path, this permanently leaks one file reference per call, pinning the struct file and associated kernel objects in memory. An unprivileged local user can exploit this to cause kernel memory exhaustion. The issue was inadvertently fixed by commit a71874379ec8 ("xattr: switch to CLASS(fd)").
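The error-path leak described above, and why a scope-based release closes it, shown as an added user-space model; it is not kernel code and not part of the original advisory. All `model_*` and `remove_*` names are hypothetical, and the compiler's `cleanup` attribute stands in for the kernel's CLASS(fd), which is built on the same attribute.

```c
/* User-space model (constructed); none of these names are kernel APIs. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
struct model_file { int refs; };   /* stands in for struct file */
static struct model_file *model_get(struct model_file *f) { f->refs++; return f; }
static void model_put(struct model_file *f) { f->refs--; }
/* Stands in for strncpy_from_user(): fails on a bad name pointer. */
static int model_copy_name(char *dst, const char *src, size_t n)
{
    size_t i = 0;
    if (!src) return -EFAULT;
    for (; i + 1 < n && src[i]; i++) dst[i] = src[i];
    dst[i] = '\0';
    return (int)i;
}

/* Pattern from the description: the early return skips the put. */
static int remove_leaky(struct model_file *file, const char *name)
{
    char kname[256];
    struct model_file *f = model_get(file);
    if (model_copy_name(kname, name, sizeof(kname)) < 0)
        return -EFAULT;   /* reference taken above is never dropped */
    model_put(f);
    return 0;
}

/* Scope-based release: the put runs on every exit from the function. */
static void model_put_cleanup(struct model_file **fp) { model_put(*fp); }
static int remove_scoped(struct model_file *file, const char *name)
{
    char kname[256];
    __attribute__((cleanup(model_put_cleanup))) struct model_file *f = model_get(file);
    (void)f;
    return model_copy_name(kname, name, sizeof(kname)) < 0 ? -EFAULT : 0;
}
/* References still held after `calls` failing calls to fn. */
static int leaked_refs(int (*fn)(struct model_file *, const char *), int calls)
{
    struct model_file file = { .refs = 1 };
    for (int i = 0; i < calls; i++) fn(&file, NULL);
    return file.refs - 1;
}

int main(void)
{
    printf("leaky=%d scoped=%d\n", leaked_refs(remove_leaky, 1000), leaked_refs(remove_scoped, 1000));
    return 0;
}
```

When auditing similar code, look for any `return` between an acquire and its matching release; each one needs either an explicit put or a scope-bound handle.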



