PT-2024-33715 · Linux+7 · Linux Kernel+7

Baokun Li

·

Published

2024-08-29

·

Updated

2026-05-26

·

CVE-2024-49870

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58
Description: A dentry leak may occur in the Linux kernel when a lookup cookie and a cull are concurrent. This happens because the reference count obtained by lookup one positive unlocked() in cachefiles look up object() is not released. As a result, a WARNING is triggered when the backend folder is umounted, indicating that a dentry is still in use.
Recommendations: To resolve this issue, update to Linux kernel version 6.6.58 or later. As a temporary workaround, consider disabling the cachefiles open file() function until a patch is available. Restrict access to the vulnerable cachefiles module to minimize the risk of exploitation. Avoid using the lookup one positive unlocked() function in the affected cachefiles look up object() function until the issue is resolved.

Exploit

Fix

DoS

Memory Leak

Weakness Enumeration

CWE-401

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-14046
BDU:2025-03147
CVE-2024-49870
DLA-4008-1
INFSA-2025_6966
MGASA-2024-0344
MGASA-2024-0345
OESA-2024-2367
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_3984-1
OPENSUSE-SU-2024_3986-1
OPENSUSE-SU-2024_4315-1
OPENSUSE-SU-2024_4376-1
OPENSUSE-SU-2025:14705-1
RHSA-2025:6966
RHSA-2025_6966
SUSE-SU-2024:3984-1
SUSE-SU-2024:3986-1
SUSE-SU-2024:4315-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4364-1
SUSE-SU-2024:4376-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7276-1
USN-7277-1
USN-7301-1
USN-7303-1
USN-7303-2
USN-7303-3
USN-7304-1
USN-7310-1
USN-7311-1
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7403-1
USN-7468-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu