Linux Kernel: File Reference Leak in File System Function
DEBIAN-CVE-2024-14027
Summary
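A bug in the Linux kernel's extended-attribute code (fs/xattr) leaks a file reference each time the fremovexattr() syscall fails while copying the attribute name from user space. In multi-threaded processes the leaked reference keeps the struct file and its associated kernel objects pinned in memory, so an unprivileged local user can exhaust kernel memory by repeating the call. The leak is fixed upstream, and the fix is available for Debian in linux 6.16.3-1.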
What to do
- Update the Debian linux package to version 6.16.3-1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| debian | linux | All versions | – |
| debian | linux | <= 6.16.3-1 | 6.16.3-1 |
Original title
In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput() in fremovexattr error path In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a...
Original description
In the Linux kernel, the following vulnerability has been resolved:

fs/xattr: missing fdput() in fremovexattr error path

In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a file reference but returns early without calling fdput() when strncpy_from_user() fails on the name argument. In multi-threaded processes where fdget() takes the slow path, this permanently leaks one file reference per call, pinning the struct file and associated kernel objects in memory. An unprivileged local user can exploit this to cause kernel memory exhaustion.

The issue was inadvertently fixed by commit a71874379ec8 ("xattr: switch to CLASS(fd)").
- https://security-tracker.debian.org/tracker/CVE-2024-14027 Vendor Advisory
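The bug class in the description above, shown as an added userspace model (not the kernel's code and not part of the original advisory): an early return that skips the release, next to a scope-based release built on the compiler's `cleanup` attribute, the mechanism behind `CLASS(fd)`. Every `model_*` name, both `removexattr_*` functions and the NULL name used to force the copy failure are assumptions made for the model.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace model only: every model_* name is hypothetical, not a kernel API. */
struct model_file { long refcount; };
/* Models the fdget() slow path, where a real reference is taken. */
static struct model_file *model_fdget(struct model_file *f) { f->refcount++; return f; }
static void model_fdput(struct model_file *f) { f->refcount--; }
static void model_fd_cleanup(struct model_file **fp) { model_fdput(*fp); }

/* Stands in for strncpy_from_user(); a NULL source models the failing copy. */
static int model_copy_name(char *dst, size_t len, const char *src)
{
    if (src == NULL) return -EFAULT;
    snprintf(dst, len, "%s", src);
    return 0;
}

/* Before: the early return on a failed copy skips the put. */
int removexattr_leaky(struct model_file *file, const char *name)
{
    char kname[256];
    struct model_file *f = model_fdget(file);
    int err = model_copy_name(kname, sizeof(kname), name);
    if (err < 0) return err;   /* reference is never dropped on this path */
    model_fdput(f);
    return 0;
}

/* After: the reference is released when f leaves scope, on every path. */
int removexattr_scoped(struct model_file *file, const char *name)
{
    char kname[256];
    struct model_file *f __attribute__((cleanup(model_fd_cleanup))) = model_fdget(file);
    return model_copy_name(kname, sizeof(kname), name);
}

/* References still pinned after n calls made with the given name. */
long pinned_after(int (*fn)(struct model_file *, const char *), const char *name, int n)
{
    struct model_file file = { .refcount = 1 };
    for (int i = 0; i < n; i++) fn(&file, name);
    return file.refcount - 1;
}

int main(void)
{   /* constructed run: 1000 failing calls against each variant */
    printf("leaky=%ld scoped=%ld\n", pinned_after(removexattr_leaky, NULL, 1000),
           pinned_after(removexattr_scoped, NULL, 1000));
}
```

In the model the leaky variant pins one reference per failing call, matching the "one file reference per call" in the description, while the scoped variant pins none.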
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026