PT-2024-5910 · Linux+6 · Linux Kernel+6
Zhihao Cheng
·
Published
2024-08-13
·
Updated
2026-02-21
·
CVE-2024-45003
CVSS v3.1
4.7
Medium
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The vulnerability is related to the
dispose list function in the Linux kernel's vfs component. It is caused by incorrect resource cleanup or release, which can lead to a deadlock when the inode reclaiming process tries to destroy inodes marked with the I FREEING flag. This issue can occur when certain filesystems, such as ext4 with the ea inode feature or ubifs with xattr, perform inode lookups in the inode evicting callback function under the inode lru traversing context. The vulnerability can result in a denial-of-service (DoS) condition.Technical details about exploitation include:
- API Endpoints: None mentioned.
- Vulnerable Parameters or Variables:
i ea,i reg,ixa,ib,ia. - Function Names:
prune icache sb,find inode fast,ext4 evict inode,ubifs jnl write inode,inode lru isolate,iget,iget locked,ext4 iget,ubifs iget.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Resource Release
Improper Locking
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu