{"id":"CVE-2024-39494","summary":"ima: Fix use-after-free on a dentry's dname.name","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nima: Fix use-after-free on a dentry's dname.name\n\n-\u003ed_name.name can change on rename and the earlier value can be freed;\nthere are conditions sufficient to stabilize it (-\u003ed_lock on dentry,\n-\u003ed_lock on its parent, -\u003ei_rwsem exclusive on the parent's inode,\nrename_lock), but none of those are met at any of the sites. Take a stable\nsnapshot of the name instead.","modified":"2026-04-02T12:17:01.957811Z","published":"2024-07-12T12:20:30.348Z","related":["SUSE-SU-2024:2802-1","SUSE-SU-2024:2892-1","SUSE-SU-2024:2893-1","SUSE-SU-2024:2894-1","SUSE-SU-2024:2896-1","SUSE-SU-2024:2901-1","SUSE-SU-2024:2902-1","SUSE-SU-2024:2923-1","SUSE-SU-2024:2929-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2940-1","SUSE-SU-2024:2947-1","SUSE-SU-2024:2948-1","SUSE-SU-2024:2973-1","SUSE-SU-2025:20008-1","SUSE-SU-2025:20028-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39494.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0b31e28fbd773aefb6164687e0767319b8199829"},{"type":"WEB","url":"https://git.kernel.org/stable/c/480afcbeb7aaaa22677d3dd48ec590b441eaac1a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7fb374981e31c193b1152ed8d3b0a95b671330d4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a78a6f0da57d058e2009e9958fdcef66f165208c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/be84f32bb2c981ca670922e047cdde1488b233de"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dd431c3ac1fc34a9268580dd59ad3e3c76b32a8c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/edf287bc610b18d7a9c0c0c1cb2e97b9348c71bb"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39494.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39494"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2fe5d6def1672ae6635dd71867bf36dcfaa7434b"},{"fixed":"480afcbeb7aaaa22677d3dd48ec590b441eaac1a"},{"fixed":"edf287bc610b18d7a9c0c0c1cb2e97b9348c71bb"},{"fixed":"0b31e28fbd773aefb6164687e0767319b8199829"},{"fixed":"7fb374981e31c193b1152ed8d3b0a95b671330d4"},{"fixed":"dd431c3ac1fc34a9268580dd59ad3e3c76b32a8c"},{"fixed":"a78a6f0da57d058e2009e9958fdcef66f165208c"},{"fixed":"be84f32bb2c981ca670922e047cdde1488b233de"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39494.json"}}],"schema_version":"1.7.5"}