CVE-2024-53690 Affecting kernel-uek-debug package, versions <0:6.12.0-101.33.4.3.el9uek
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-ORACLE9-KERNELUEKDEBUG-10780194
- published18 Jul 2025
- disclosed11 Jan 2025
Introduced: 11 Jan 2025
CVE-2024-53690 (opens in a new tab)How to fix?
Upgrade Oracle:9 kernel-uek-debug to version 0:6.12.0-101.33.4.3.el9uek or higher.
This issue was patched in ELSA-2025-20480.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-uek-debug package and not the kernel-uek-debug package as distributed by Oracle.
See How to fix? for Oracle:9 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: prevent use of deleted inode
syzbot reported a WARNING in nilfs_rmdir. [1]
Because the inode bitmap is corrupted, an inode with an inode number that should exist as a ".nilfs" file was reassigned by nilfs_mkdir for "file0", causing an inode duplication during execution. And this causes an underflow of i_nlink in rmdir operations.
The inode is used twice by the same task to unmount and remove directories ".nilfs" and "file0", it trigger warning in nilfs_rmdir.
Avoid to this issue, check i_nlink in nilfs_iget(), if it is 0, it means that this inode has been deleted, and iput is executed to reclaim it.
[1] WARNING: CPU: 1 PID: 5824 at fs/inode.c:407 drop_nlink+0xc4/0x110 fs/inode.c:407 ... Call Trace: <TASK> nilfs_rmdir+0x1b0/0x250 fs/nilfs2/namei.c:342 vfs_rmdir+0x3a3/0x510 fs/namei.c:4394 do_rmdir+0x3b5/0x580 fs/namei.c:4453 __do_sys_rmdir fs/namei.c:4472 [inline] __se_sys_rmdir fs/namei.c:4470 [inline] __x64_sys_rmdir+0x47/0x50 fs/namei.c:4470 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f
References
- https://linux.oracle.com/cve/CVE-2024-53690.html
- https://linux.oracle.com/errata/ELSA-2025-20480.html
- https://git.kernel.org/stable/c/284760b320a0bac411b18108316939707dccb12b
- https://git.kernel.org/stable/c/55e4baa0d32f0530ddc64c26620e1f2f8fa2724c
- https://git.kernel.org/stable/c/5d4ed71327b0b5f3b179a19dc3c06be9509ab3db
- https://git.kernel.org/stable/c/901ce9705fbb9f330ff1f19600e5daf9770b0175
- https://git.kernel.org/stable/c/912188316a8c9e41b8c1603c2276a05043b14f96
- https://git.kernel.org/stable/c/ef942d233643777f7b2a5deef620e82942983143
- https://git.kernel.org/stable/c/ff561987ff12b6a3233431ff659b5d332e22f153