CVE-2024-49870: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49870 is a vulnerability discovered in the Linux kernel's cachefiles subsystem. The issue involves a dentry leak in the cachefilesopenfile() function that occurs when a lookup cookie and a cull operation are concurrent. This vulnerability affects Linux kernel versions from 5.17 up to (excluding) 6.1.113, 6.2 up to (excluding) 6.6.55, 6.7 up to (excluding) 6.10.14, and 6.11 up to (excluding) 6.11.3 (NVD).

The vulnerability stems from a race condition between cachefileslookupcookie and cachefilescull operations. When lookuponepositiveunlocked obtains a dentry reference, and cachefilescull sets the SKERNELFILE flag on the inode, cachefilesopen_file may return false without properly releasing the dentry reference. This results in a dentry leak that becomes apparent when attempting to unmount the backend folder, triggering a kernel warning (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 MEDIUM with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a denial of service condition through resource exhaustion when the affected system attempts to unmount the backend folder. This is evidenced by the kernel warning message indicating a dentry still in use during unmount operations (Kernel Patch).

The issue has been fixed in the Linux kernel through a patch that properly manages the dentry reference count in cachefileslookupobject(). The fix involves releasing the reference count obtained by lookuppositive_unlocked() in the correct location. Users should upgrade to Linux kernel versions 6.1.113, 6.6.55, 6.10.14, or 6.11.3 or later to address this vulnerability (NVD, Kernel Patch).