Homepage

Double Free The advisory has been revoked - it doesn't affect any version of package kernel-64k-debug-modules-partner  (opens in a new tab)

Threat Intelligence

EPSS
0.03% (7th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Double Free vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-CENTOS9-KERNEL64KDEBUGMODULESPARTNER-6763100
  • published2 May 2024
  • disclosed1 May 2024
Report a new vulnerability Found a mistake?

Introduced: 1 May 2024

CVE-2024-27389  (opens in a new tab)
CWE-415  (opens in a new tab)

Amendment

The Centos security team deemed this advisory irrelevant for Centos:9.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-64k-debug-modules-partner package and not the kernel-64k-debug-modules-partner package as distributed by Centos.

In the Linux kernel, the following vulnerability has been resolved:

pstore: inode: Only d_invalidate() is needed

Unloading a modular pstore backend with records in pstorefs would trigger the dput() double-drop warning:

WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410

Using the combo of d_drop()/dput() (as mentioned in Documentation/filesystems/vfs.rst) isn't the right approach here, and leads to the reference counting problem seen above. Use d_invalidate() and update the code to not bother checking for error codes that can never happen.