CVE-2024-39494: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-39494 is a use-after-free vulnerability discovered in the Linux kernel's Integrity Measurement Architecture (IMA) framework. The vulnerability was disclosed on July 12, 2024, and affects the handling of dentry's dname.name in the IMA subsystem. The issue occurs when a file's name can change during rename operations, potentially leading to accessing freed memory (NVD).

The vulnerability stems from a condition where ->dname.name can change on rename operations and the earlier value can be freed. While there are conditions that could stabilize it (->dlock on dentry, ->dlock on its parent, ->irwsem exclusive on the parent's inode, rename_lock), none of these conditions are met at the vulnerable sites. The issue has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements but high potential impact (NVD, RedHat).

The vulnerability affects multiple versions of the Linux kernel, including versions up to (excluding) 6.1.97, versions from 6.2 up to (excluding) 6.6.35, and versions from 6.7 up to (excluding) 6.9.6. The use-after-free condition could potentially lead to system crashes, information disclosure, or privilege escalation (NVD).

The vulnerability has been patched in the Linux kernel by implementing a stable snapshot of the name instead of relying on the potentially changing d_name.name value. Multiple Linux distributions have released security updates to address this vulnerability, including Ubuntu which has provided fixes across various kernel versions and configurations (Ubuntu).