PT-2024-7723 · Linux+9 · Linux Kernel+9
Baokun Li
·
Published
2024-02-19
·
Updated
2025-09-29
·
CVE-2024-26840
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to a memory leak in the
cachefiles add cache() function of the Linux kernel. This memory leak was reported after unbinding /dev/cachefiles. The problem can be fixed by putting the reference count of cache cred in cachefiles daemon unbind() and also putting cache cred in cachefiles add cache() error branch to avoid memory leaks. The memory leak is associated with the cachefilesd2 process, and a backtrace is provided, showing the call stack leading to the leak. The leak involves an unreferenced object of size 192.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Memory Leak
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu