CVE-2024-56549

MEDIUM

Linux kernel - NULL Pointer Dereference

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix NULL pointer dereference in object->file At present, the object->file has the NULL pointer dereference problem in ondemand-mode. The root cause is that the allocated fd and object->file lifetime are inconsistent, and the user-space invocation to anon_fd uses object->file. Following is the process that triggers the issue: [write fd] [umount] cachefiles_ondemand_fd_write_iter fscache_cookie_state_machine cachefiles_withdraw_cookie if (!file) return -ENOBUFS cachefiles_clean_up_object cachefiles_unmark_inode_in_use fput(object->file) object->file = NULL // file NULL pointer dereference! __cachefiles_write(..., file, ...) Fix this issue by add an additional reference count to the object->file before write/llseek, and decrement after it finished.

References (6)

Core 6

Scores

CVSS v3 5.5
EPSS 0.0022
EPSS Percentile 11.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (17)
linux/Kernel 5.19.0 - 6.1.129linux
linux/Kernel 6.12.0 - 6.12.2linux
linux/Kernel 6.2.0 - 6.6.78linux
linux/Kernel 6.7.0 - 6.11.11linux
Linux/Linux < 5.19
Linux/Linux 5.19
Linux/Linux 6.1.129 - 6.1.*
Linux/Linux 6.11.11 - 6.11.*
Linux/Linux 6.12.2 - 6.12.*
Linux/Linux 6.13
... and 7 more
Published Dec 27, 2024
Tracked Since Feb 18, 2026