PT-2024-36853 · Linux+7 · Linux Kernel+7
Zizhi Wo · Published 2024-11-11 · Updated 2026-01-13 · CVE-2024-56549
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is a NULL pointer dereference of object->file in the Linux kernel's cachefiles module, specifically in ondemand mode. The root cause is that the lifetime of the allocated file descriptor is inconsistent with the lifetime of object->file, which user-space calls on the anon fd rely on. The issue is triggered by a series of function calls, including cachefiles_ondemand_fd_write_iter, fscache_cookie_state_machine, cachefiles_withdraw_cookie, and cachefiles_write, leading to a NULL pointer dereference when object->file is accessed after being set to NULL.
Recommendations
To resolve this issue, take an additional reference on object->file before write or llseek operations, and drop that reference after these operations are completed. This ensures that object->file remains valid and accessible throughout the operation, preventing the NULL pointer dereference.
Note: Since the affected versions are not explicitly specified, it is crucial to apply this fix to all versions of the Linux kernel that are potentially vulnerable to this issue.
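An added example, not code from the kernel or from this advisory: a single-threaded user-space C model of the lifetime problem described above and of the recommended reference-count fix. All types, function names and return codes are hypothetical, and the withdraw_races flag stands in for the cookie withdrawal that runs concurrently in the kernel.

```c
/* Constructed user-space model; all names here are hypothetical. */
#include <stddef.h>

enum { ERR_NO_FILE = -1, WOULD_OOPS = -2 };

struct file { int refs; long size; int released; };
struct object { struct file *file; };   /* stands in for object->file */

static struct file *file_get(struct file *f) { f->refs++; return f; }
static void file_put(struct file *f) { if (--f->refs == 0) f->released = 1; }

/* Models cookie withdrawal: clears object->file and drops its reference. */
static void withdraw(struct object *obj) {
    struct file *f = obj->file;
    obj->file = NULL;
    if (f) file_put(f);
}

/* Before: object->file is used again after the window in which it can be
 * cleared. WOULD_OOPS marks the spot where the kernel would dereference NULL. */
static long write_unpinned(struct object *obj, int withdraw_races, long len) {
    if (!obj->file) return ERR_NO_FILE;
    if (withdraw_races) withdraw(obj);
    if (!obj->file) return WOULD_OOPS;
    obj->file->size += len;
    return len;
}

/* After: take an extra reference first, work on the pinned pointer, then
 * drop it. With real concurrency the load and the increment must be atomic
 * with respect to withdraw(); this single-threaded model needs no lock. */
static long write_pinned(struct object *obj, int withdraw_races, long len) {
    struct file *f = obj->file ? file_get(obj->file) : NULL;
    if (!f) return ERR_NO_FILE;
    if (withdraw_races) withdraw(obj);
    f->size += len;          /* still valid: our reference keeps it alive */
    file_put(f);             /* the last put releases the file */
    return len;
}

int main(void) {
    struct file a = { 1, 0, 0 }, b = { 1, 0, 0 };
    struct object oa = { &a }, ob = { &b };
    long before = write_unpinned(&oa, 1, 4096);
    long after = write_pinned(&ob, 1, 4096);
    return !(before == WOULD_OOPS && after == 4096 && b.released);
}
```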
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu