Unrated severityNVD Advisory· Published Jul 29, 2024· Updated Nov 3, 2025

cachefiles: fix slab-use-after-free in fscache_withdraw_volume()

CVE-2024-41058

Description

In the Linux kernel, the following vulnerability has been resolved:

We got the following issue in our fault injection stress test:

================================================================== BUG: KASAN: slab-use-after-free in fscache_withdraw_volume+0x2e1/0x370 Read of size 4 at addr ffff88810680be08 by task ondemand-04-dae/5798

CPU: 0 PID: 5798 Comm: ondemand-04-dae Not tainted 6.8.0-dirty #565 Call Trace: kasan_check_range+0xf6/0x1b0 fscache_withdraw_volume+0x2e1/0x370 cachefiles_withdraw_volume+0x31/0x50 cachefiles_withdraw_cache+0x3ad/0x900 cachefiles_put_unbind_pincount+0x1f6/0x250 cachefiles_daemon_release+0x13b/0x290 __fput+0x204/0xa00 task_work_run+0x139/0x230

Allocated by task 5820: __kmalloc+0x1df/0x4b0 fscache_alloc_volume+0x70/0x600 __fscache_acquire_volume+0x1c/0x610 erofs_fscache_register_volume+0x96/0x1a0 erofs_fscache_register_fs+0x49a/0x690 erofs_fc_fill_super+0x6c0/0xcc0 vfs_get_super+0xa9/0x140 vfs_get_tree+0x8e/0x300 do_new_mount+0x28c/0x580 [...]

Freed by task 5820: kfree+0xf1/0x2c0 fscache_put_volume.part.0+0x5cb/0x9e0 erofs_fscache_unregister_fs+0x157/0x1b0 erofs_kill_sb+0xd9/0x1c0 deactivate_locked_super+0xa3/0x100 vfs_get_super+0x105/0x140 vfs_get_tree+0x8e/0x300 do_new_mount+0x28c/0x580 [...] ==================================================================

Following is the process that triggers the issue:

mount failed | daemon exit ------------------------------------------------------------ deactivate_locked_super cachefiles_daemon_release erofs_kill_sb erofs_fscache_unregister_fs fscache_relinquish_volume __fscache_relinquish_volume fscache_put_volume(fscache_volume, fscache_volume_put_relinquish) zero = __refcount_dec_and_test(&fscache_volume->ref, &ref); cachefiles_put_unbind_pincount cachefiles_daemon_unbind cachefiles_withdraw_cache cachefiles_withdraw_volumes list_del_init(&volume->cache_link) fscache_free_volume(fscache_volume) cache->ops->free_volume cachefiles_free_volume list_del_init(&cachefiles_volume->cache_link); kfree(fscache_volume) cachefiles_withdraw_volume fscache_withdraw_volume fscache_volume->n_accesses // fscache_volume UAF !!!

The fscache_volume in cache->volumes must not have been freed yet, but its reference count may be 0. So use the new fscache_try_get_volume() helper function try to get its reference count.

If the reference count of fscache_volume is 0, fscache_put_volume() is freeing it, so wait for it to be removed from cache->volumes.

If its reference count is not 0, call cachefiles_withdraw_volume() with reference count protection to avoid the above issue.

Affected products

osv-coords97 versions
pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%20Micro%205.5 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%20Micro%205.5 pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%20Micro%205.5 pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.6 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-livepatch-MICRO-6-0-RT_Update_2&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-livepatch-MICRO-6-0_Update_2&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-livepatch-SLE15-SP5-RT_Update_18&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_17&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_2&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_4&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
< 5.14.21-150500.55.73.1+ 96 more
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 5.14.21-150500.33.63.1
- (no CPE)range: < 6.4.0-150600.8.11.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 5.14.21-150500.55.73.1.150500.6.33.8
- (no CPE)range: < 6.4.0-150600.23.22.1.150600.12.8.3
- (no CPE)range: < 5.14.21-150500.55.73.1.150500.6.33.8
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 5.14.21-150500.55.73.2
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 5.14.21-150500.13.64.1
- (no CPE)range: < 6.4.0-150600.10.8.3
- (no CPE)range: < 5.14.21-150500.13.64.1
- (no CPE)range: < 6.4.0-150600.10.8.3
- (no CPE)range: < 5.14.21-150500.13.64.1
- (no CPE)range: < 5.14.21-150500.33.63.1
- (no CPE)range: < 6.4.0-150600.8.11.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 5.14.21-150500.13.64.1
- (no CPE)range: < 6.4.0-150600.10.8.3
- (no CPE)range: < 5.14.21-150500.33.63.1
- (no CPE)range: < 6.4.0-150600.8.11.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 5.14.21-150500.13.64.1
- (no CPE)range: < 6.4.0-150600.10.8.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 5.14.21-150500.33.63.1
- (no CPE)range: < 6.4.0-150600.8.11.1
- (no CPE)range: < 5.14.21-150500.55.73.1.150500.6.33.8
- (no CPE)range: < 5.14.21-150500.55.73.1.150500.6.33.8
- (no CPE)range: < 6.4.0-150600.23.22.1.150600.12.8.3
- (no CPE)range: < 6.4.0-17.1.1.51
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-19.1
- (no CPE)range: < 5.14.21-150500.55.73.2
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-19.1
- (no CPE)range: < 1-1.1
- (no CPE)range: < 1-1.1
- (no CPE)range: < 1-150500.11.3.1
- (no CPE)range: < 1-150500.11.3.1
- (no CPE)range: < 1-150600.1.3.2
- (no CPE)range: < 1-150600.13.3.3
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 5.14.21-150500.13.64.1
- (no CPE)range: < 6.4.0-150600.10.8.3
- (no CPE)range: < 5.14.21-150500.13.64.1
- (no CPE)range: < 6.4.0-10.1
- (no CPE)range: < 5.14.21-150500.13.64.1
- (no CPE)range: < 6.4.0-150600.10.8.3
- (no CPE)range: < 5.14.21-150500.33.63.1
- (no CPE)range: < 6.4.0-150600.8.11.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 6.4.0-19.1
- (no CPE)range: < 5.14.21-150500.13.64.1
- (no CPE)range: < 6.4.0-10.1
- (no CPE)range: < 5.14.21-150500.13.64.1
- (no CPE)range: < 6.4.0-150600.10.8.3
- (no CPE)range: < 5.14.21-150500.33.63.1
- (no CPE)range: < 6.4.0-150600.8.11.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.22.1
- (no CPE)range: < 5.14.21-150500.13.64.1
- (no CPE)range: < 6.4.0-150600.10.8.1
- (no CPE)range: < 5.14.21-150500.55.73.1
- (no CPE)range: < 6.4.0-150600.23.22.1
Linux/Linuxcpe-rescue
Range: 5.17

Patches

522018a0de6b

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

commit

38b88d544216

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

commit

9dd7f5663899

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

commit

90f17e47f1e2

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv

commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000