CVE-2024-26993

Updated: 2026-02-27 03:19:59.496019

Description:

In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fix reference leak in sysfs_break_active_protection() The sysfs_break_active_protection() routine has an obvious reference leak in its error path. If the call to kernfs_find_and_get() fails then kn will be NULL, so the companion sysfs_unbreak_active_protection() routine won't get called (and would only cause an access violation by trying to dereference kn->parent if it was called). As a result, the reference to kobj acquired at the start of the function will never be released. Fix the leak by adding an explicit kobject_put() call when kn is NULL.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 5.5 MEDIUM Released CLSA-2025:1743193221 2024-06-24 11:20:55
CentOS 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-05-30 05:38:13 Ignored due to low severity
CentOS 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2024-05-30 05:38:13 Ignored due to low severity
CentOS 8.4 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-06-24 11:20:55 Ignored due to low severity
CentOS 8.5 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-06-24 11:20:55 Ignored due to low severity
CentOS Stream 8 ELS kernel 4.18.0 5.5 MEDIUM Already Fixed 2024-06-09 14:19:24
CloudLinux 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-05-30 05:38:13 Ignored due to low severity
Oracle Linux 6 ELS kernel 2.6.32 5.5 MEDIUM Ignored 2024-05-30 10:10:25 Ignored due to low severity
Oracle Linux 7 ELS kernel-uek 5.4.17 5.5 MEDIUM Ignored 2025-12-03 19:16:37 This is a local-only bug in sysfs_break_active_protection’s error path that merely leaks a kobject...
Ubuntu 16.04 ELS linux-hwe 4.15.0 5.5 MEDIUM Released CLSA-2024:1721664120 2024-07-22 14:23:44
Total: 12