Skip to main content

Linux CVE-2024-14027

MEDIUM
Memory Leak (CWE-401)
2026-03-09 416baaa9-dc9f-4396-8d5f-8c081fb06d67
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
CVSS changed
Jun 26, 2026 - 20:22 NVD
5.5 (MEDIUM)
Analysis Generated
Mar 12, 2026 - 21:56 vuln.today
CVE Published
Mar 09, 2026 - 16:16 nvd
N/A

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

fs/xattr: missing fdput() in fremovexattr error path

In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a file reference but returns early without calling fdput() when strncpy_from_user() fails on the name argument. In multi-threaded processes where fdget() takes the slow path, this permanently leaks one file reference per call, pinning the struct file and associated kernel objects in memory. An unprivileged local user can exploit this to cause kernel memory exhaustion. The issue was inadvertently fixed by commit a71874379ec8 ("xattr: switch to CLASS(fd)").

AnalysisAI

In the Linux kernel, the following vulnerability has been resolved:

fs/xattr: missing fdput() in fremovexattr error path

In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a file reference but returns early without calling fdput() when strncpy_from_user() fails on the name argument.

Technical ContextAI

In the Linux kernel, the following vulnerability has been resolved:

fs/xattr: missing fdput() in fremovexattr error path

In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a file reference but returns early without calling fdput() when strncpy_from_user() fails on the name argument. In multi-threaded processes where fdget() takes the slow path, this permanently leaks one file reference per call, pinning the struct file and associated kernel objects in memory. An unprivile

RemediationAI

Monitor vendor advisories for a patch.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
Image SLES-Azure-3P Image SLES-Azure-Basic Image SLES-Azure-Standard Image SLES-BYOS-Azure Image SLES-BYOS-EC2 Image SLES-BYOS-GCE Image SLES-EC2 Image SLES-EC2-ECS Image SLES-GCE Image SLES-Hardened-BYOS-Azure Image SLES-Hardened-BYOS-EC2 Image SLES-Hardened-BYOS-GCE Image SLES-SAPCAL-Azure Affected
SUSE Linux Enterprise High Availability Extension 16.0 Fixed
SUSE Linux Enterprise Server 16.0 Fixed
SUSE Linux Enterprise Server for SAP applications 16.0 Fixed
SUSE Linux Micro 6.2 Fixed

Share

CVE-2024-14027 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy