CVE-2024-26993 fs: sysfs: Fix reference leak in sysfs_break_active_protection() (!4165) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Ewan D. Milne requested to merge e-milne/centos-stream-9:RHEL-35078 into main May 02, 2024

JIRA: https://issues.redhat.com/browse/RHEL-35078 CVE: CVE-2024-26993 Upstream Status: From upstream linux mainline

The sysfs_break_active_protection() routine has an obvious reference leak in its error path. If the call to kernfs_find_and_get() fails then kn will be NULL, so the companion sysfs_unbreak_active_protection() routine won't get called (and would only cause an access violation by trying to dereference kn->parent if it was called). As a result, the reference to kobj acquired at the start of the function will never be released.

Fix the leak by adding an explicit kobject_put() call when kn is NULL.

Signed-off-by: Alan Stern stern@rowland.harvard.edu Fixes: 2afc9166 ("scsi: sysfs: Introduce sysfs_{un,}break_active_protection()") Cc: Bart Van Assche bvanassche@acm.org Cc: stable@vger.kernel.org Reviewed-by: Bart Van Assche bvanassche@acm.org Acked-by: Tejun Heo tj@kernel.org Link: https://lore.kernel.org/r/8a4d3f0f-c5e3-4b70-a188-0ca433f9e6f9@rowland.harvard.edu Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org (cherry picked from commit a90bca2228c0646fc29a72689d308e5fe03e6d78) Signed-off-by: Ewan D. Milne emilne@redhat.com

CVE-2024-26993 fs: sysfs: Fix reference leak in sysfs_break_active_protection()

Merge request reports