2297698 – (CVE-2024-39494) CVE-2024-39494 kernel: ima: Fix use-after-free on a dentry's dname.name

Bug 2297698 (CVE-2024-39494) - CVE-2024-39494 kernel: ima: Fix use-after-free on a dentry's dname.name

Summary: CVE-2024-39494 kernel: ima: Fix use-after-free on a dentry's dname.name

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2024-39494
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2297466 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-07-13 11:05 UTC by Mauro Matteo Cascella
Modified:	2024-09-06 01:56 UTC (History)
CC List:	6 users (show)
Fixed In Version:	kernel 6.1.97, kernel 6.6.35, kernel 6.9.6, kernel 6.10-rc1
Clone Of:
Environment:
Last Closed:	2024-09-06 01:56:42 UTC
Embargoed:

Attachments	(Terms of Use)

Description Mauro Matteo Cascella 2024-07-13 11:05:00 UTC

In the Linux kernel, the following vulnerability has been resolved:

ima: Fix use-after-free on a dentry&#39;s dname.name

The Linux kernel CVE team has assigned CVE-2024-39494 to this issue.

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024071259-CVE-2024-39494-119a@gregkh/T

Comment 8 Mauro Matteo Cascella 2024-07-13 13:09:10 UTC

*** Bug 2297466 has been marked as a duplicate of this bug. ***

Comment 9 Coiby 2024-09-06 01:56:42 UTC

Close this as my PO David 'strongly recommends closing the CVEs as "Won't Fix"
because they are no longer marked "compliance priority"'.

Note You need to log in before you can comment on or make changes to this bug.