{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-56549","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-12-27T14:03:05.989Z","datePublished":"2024-12-27T14:11:30.336Z","dateUpdated":"2025-11-03T19:32:24.323Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:58:05.639Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Fix NULL pointer dereference in object->file\n\nAt present, the object->file has the NULL pointer dereference problem in\nondemand-mode. The root cause is that the allocated fd and object->file\nlifetime are inconsistent, and the user-space invocation to anon_fd uses\nobject->file. Following is the process that triggers the issue:\n\n\t  [write fd]\t\t\t\t[umount]\ncachefiles_ondemand_fd_write_iter\n\t\t\t\t       fscache_cookie_state_machine\n\t\t\t\t\t cachefiles_withdraw_cookie\n  if (!file) return -ENOBUFS\n\t\t\t\t\t   cachefiles_clean_up_object\n\t\t\t\t\t     cachefiles_unmark_inode_in_use\n\t\t\t\t\t     fput(object->file)\n\t\t\t\t\t     object->file = NULL\n  // file NULL pointer dereference!\n  __cachefiles_write(..., file, ...)\n\nFix this issue by add an additional reference count to the object->file\nbefore write/llseek, and decrement after it finished."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/cachefiles/interface.c","fs/cachefiles/ondemand.c"],"versions":[{"version":"c8383054506c77b814489c09877b5db83fd4abf2","lessThan":"d6bba3ece960129a553d4b16f1b00c884dc0993a","status":"affected","versionType":"git"},{"version":"c8383054506c77b814489c09877b5db83fd4abf2","lessThan":"785408bbafcfa24c9fc5b251f03fd0780ce182bd","status":"affected","versionType":"git"},{"version":"c8383054506c77b814489c09877b5db83fd4abf2","lessThan":"f98770440c9bc468e2fd878212ec9526dbe08293","status":"affected","versionType":"git"},{"version":"c8383054506c77b814489c09877b5db83fd4abf2","lessThan":"9582c7664103c9043e80a78f5c382aa6bdd67418","status":"affected","versionType":"git"},{"version":"c8383054506c77b814489c09877b5db83fd4abf2","lessThan":"31ad74b20227ce6b40910ff78b1c604e42975cf1","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/cachefiles/interface.c","fs/cachefiles/ondemand.c"],"versions":[{"version":"5.19","status":"affected"},{"version":"0","lessThan":"5.19","status":"unaffected","versionType":"semver"},{"version":"6.1.129","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.78","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.11.11","lessThanOrEqual":"6.11.*","status":"unaffected","versionType":"semver"},{"version":"6.12.2","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.1.129"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.6.78"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.11.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.12.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/d6bba3ece960129a553d4b16f1b00c884dc0993a"},{"url":"https://git.kernel.org/stable/c/785408bbafcfa24c9fc5b251f03fd0780ce182bd"},{"url":"https://git.kernel.org/stable/c/f98770440c9bc468e2fd878212ec9526dbe08293"},{"url":"https://git.kernel.org/stable/c/9582c7664103c9043e80a78f5c382aa6bdd67418"},{"url":"https://git.kernel.org/stable/c/31ad74b20227ce6b40910ff78b1c604e42975cf1"}],"title":"cachefiles: Fix NULL pointer dereference in object->file","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T19:32:24.323Z"}}]}}