CVE-2024-26993

Published May 1, 2024

Last updated 2 months ago

CVSS medium 5.5

Overview

Description: In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fix reference leak in sysfs_break_active_protection() The sysfs_break_active_protection() routine has an obvious reference leak in its error path. If the call to kernfs_find_and_get() fails then kn will be NULL, so the companion sysfs_unbreak_active_protection() routine won't get called (and would only cause an access violation by trying to dereference kn->parent if it was called). As a result, the reference to kobj acquired at the start of the function will never be released. Fix the leak by adding an explicit kobject_put() call when kn is NULL.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF0E916A-2E85-4BDA-A6B9-628CB208D7E0",
            "versionEndExcluding": "3.17",
            "versionStartIncluding": "3.16.62"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B68BB35-4680-4400-8678-945038232436",
            "versionEndExcluding": "3.19",
            "versionStartIncluding": "3.18.121"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71EA076B-AD00-432F-B156-0748605CE34D",
            "versionEndExcluding": "4.5",
            "versionStartIncluding": "4.4.154"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6332802F-C91B-4C23-A155-60E41FC4345A",
            "versionEndExcluding": "4.10",
            "versionStartIncluding": "4.9.125"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB57F4AD-D25F-493E-85BA-74DDA52C7AA7",
            "versionEndExcluding": "4.15",
            "versionStartIncluding": "4.14.68"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2605C4B5-016B-469F-9FEE-CF497A18AE3B",
            "versionEndExcluding": "4.19",
            "versionStartIncluding": "4.18.6"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96AD9EA4-6E34-4C07-ACD9-AB23A8FD05AF",
            "versionEndExcluding": "5.15.157",
            "versionStartIncluding": "4.19"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B665F958-644E-434D-A78D-CCD1628D1774",
            "versionEndExcluding": "6.1.88",
            "versionStartIncluding": "5.16"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0999E154-1E68-41FA-8DE3-9A735E382224",
            "versionEndExcluding": "6.6.29",
            "versionStartIncluding": "6.2"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "673B3328-389D-41A4-9617-669298635262",
            "versionEndExcluding": "6.8.8",
            "versionStartIncluding": "6.7"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A06B2CCF-3F43-4FA9-8773-C83C3F5764B2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References