CVE-2024-26878
Published: Apr 17, 2024
Modified: May 12, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: quota: Fix potential NULL pointer dereference Below race may cause NULL pointer dereference P1 P2 dquot_free_inode quota_off drop_dquot_ref remove_dquot_ref dquots = i_dquot(inode) dquots = i_dquot(inode) srcu_read_lock dquots[cnt]) != NULL (1) dquots[type] = NULL (2) spin_lock(&dquots[cnt]->dq_dqb_lock) (3) .... If dquot_free_inode(or other routines) checks inode's quota pointers (1) before quota_off sets it to NULL(2) and use it (3) after that, NULL pointer dereference will be triggered. So let's fix it by using a temporary pointer to avoid this issue.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 7b9ca4c61bc278b771fb57d6290a31ab1fc7fdac - < 8514899c1a4edf802f03c408db901063aa3f05a1affected 7b9ca4c61bc278b771fb57d6290a31ab1fc7fdac - < 49669f8e7eb053f91d239df7b1bfb4500255a9d0affected 7b9ca4c61bc278b771fb57d6290a31ab1fc7fdac - < 61380537aa6dd32d8a723d98b8f1bd1b11d8fee0affected 7b9ca4c61bc278b771fb57d6290a31ab1fc7fdac - < 1ca72a3de915f87232c9a4cb9bebbd3af8ed3e25affected 7b9ca4c61bc278b771fb57d6290a31ab1fc7fdac - < 7f9e833fc0f9b47be503af012eb5903086939754+4 more versions |
Linux | Linux | affected 4.14unaffected 0 - < 4.14unaffected 4.19.311 - <= 4.19.*unaffected 5.4.273 - <= 5.4.*unaffected 5.10.214 - <= 5.10.*+6 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now