CVE-2024-26840: cachefiles: fix memory leak in cachefiles_add_cache()
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: fix memory leak in cachefilesaddcache()
The following memory leak was reported after unbinding /dev/cachefiles:
================================================================== unreferenced object 0xffff9b674176e3c0 (size 192): comm "cachefilesd2", pid 680, jiffies 4294881224 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc ea38a44b): [] kmemcachealloc+0x2d5/0x370 [] preparecreds+0x26/0x2e0 [] cachefilesdeterminecachesecurity+0x1f/0x120 [] cachefilesaddcache+0x13c/0x3a0 [] cachefilesdaemonwrite+0x146/0x1c0 [] vfswrite+0xcb/0x520 [] ksyswrite+0x69/0xf0 [] dosyscall64+0x72/0x140 [] entrySYSCALL64afterhwframe+0x6e/0x76 ==================================================================
Put the reference count of cachecred in cachefilesdaemonunbind() to fix the problem. And also put cachecred in cachefilesaddcache() error branch to avoid memory leaks.
Other sources
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: fix memory leak in cachefilesaddcache()
The following memory leak was reported after unbinding /dev/cachefiles:
================================================================== unreferenced object 0xffff9b674176e3c0 (size 192): comm "cachefilesd2", pid 680, jiffies 4294881224 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc ea38a44b): [<ffffffff8eb8a1a5>] kmemcachealloc+0x2d5/0x370 [<ffffffff8e917f86>] preparecreds+0x26/0x2e0 [<ffffffffc002eeef>] cachefilesdeterminecachesecurity+0x1f/0x120 [<ffffffffc00243ec>] cachefilesaddcache+0x13c/0x3a0 [<ffffffffc0025216>] cachefilesdaemonwrite+0x146/0x1c0 [<ffffffff8ebc4a3b>] vfswrite+0xcb/0x520 [<ffffffff8ebc5069>] ksyswrite+0x69/0xf0 [<ffffffff8f6d4662>] dosyscall64+0x72/0x140 [<ffffffff8f8000aa>] entrySYSCALL64afterhwframe+0x6e/0x76 ==================================================================
Put the reference count of cachecred in cachefilesdaemonunbind() to fix the problem. And also put cachecred in cachefilesaddcache() error branch to avoid memory leaks.
— NVD
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: fix memory leak in cachefilesaddcache()
The Linux kernel CVE team has assigned CVE-2024-26840 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024041715-CVE-2024-26840-057d@gregkh/T
— Red Hat
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of CVE-2024-26840?
CVE-2024-26840 has been categorized as a moderate severity vulnerability due to a memory leak in the Linux kernel cachefiles component.
How do I fix CVE-2024-26840?
To mitigate CVE-2024-26840, upgrade to the fixed versions of the kernel, specifically 4.19.309, 5.4.271, 5.10.212, 5.15.151, 6.1.80, 6.6.19, 6.7.7, or 6.8.
What systems are affected by CVE-2024-26840?
CVE-2024-26840 affects multiple versions of the Linux kernel across various distributions, particularly Red Hat and Debian systems.
What type of vulnerability is CVE-2024-26840?
CVE-2024-26840 is classified as a memory leak vulnerability in the cachefiles component of the Linux kernel.
Is there a workaround for CVE-2024-26840?
While the most effective solution is to upgrade to a patched kernel version, temporary workarounds may involve minimizing the use of cachefiles until a fix is applied.