CVE-2024-39494

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a use-after-free vulnerability in the Linux kernel's IMA (Integrity Measurement Architecture) component, specifically in the ima collect measurement() function. This vulnerability can be exploited to impact the confidentiality, integrity, and availability of protected information. The vulnerability occurs because the d name.name field of a dentry can change when renamed, and the earlier value can be freed. However, the conditions to stabilize this, such as d lock on the dentry, its parent, or i rwsem exclusive on the parent's inode, and rename lock, are not met at the affected sites. To resolve this, a stable snapshot of the name is taken instead.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.