PT-2024-6715 · Linux+6 · Linux Kernel+6

Amirmohammad Eftekhar

Published

2024-05-23

Updated

2026-01-06

CVE-2024-39463

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified)

Description: The issue is related to a use-after-free vulnerability in the Linux kernel's 9p file system. This occurs when a thread looks up a fid through dentry while another thread unlinks it, resulting in a use-after-free on dentry's d fsdata fid list. The problem arises because d fsdata was not accessed under d lock, and since d release() is normally only called once the dentry is no longer accessible, but it is also called explicitly in v9fs remove, the lock is required. The vulnerability can be exploited to potentially escalate privileges.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025_16880

ALT-PU-2024-11524

ALT-PU-2024-13979

ALT-PU-2024-14046

AZL-47844

BDU:2024-07928

CVE-2024-39463

MGASA-2024-0263

MGASA-2024-0266

OESA-2024-1897

OPENSUSE-SU-2024_2947-1

SUSE-SU-2024:2571-1

SUSE-SU-2024:2894-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2902-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2947-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

USN-6999-1

USN-6999-2

USN-7004-1

USN-7005-1

USN-7005-2

USN-7008-1

USN-7029-1

USN-7166-1

USN-7166-2

USN-7166-3

USN-7166-4

USN-7186-1

USN-7186-2

USN-7194-1

ZDI-24-1194

Affected Products

Alt Linux

Astra Linux

Linux Kernel

Linuxmint

Red Os

Suse

Ubuntu

PT-2024-6715 · Linux+6 · Linux Kernel+6

CVE-2024-39463

Weakness Enumeration

Related Identifiers

Affected Products

References · 3328