PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-14027 Linux CVE debrief

CVE-2024-14027 is a Linux kernel vulnerability caused by a missing fdput() call on an error path of the fremovexattr() syscall. When the extended-attribute name cannot be copied from user space, the syscall returns without releasing the file reference it took with fdget(), so every failing call leaks one reference permanently. An unprivileged local user can repeat the call to exhaust kernel memory. The issue was fixed, inadvertently, by commit a71874379ec8 (“xattr: switch to CLASS(fd)”), which uses scope-based cleanup to release the reference on every exit path, including the one the original code missed. The vulnerability has a CVSS score of 5.5 (MEDIUM). The CVE was published on March 9, 2026, and last modified on June 26, 2026.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-09
Original CVE updated
2026-06-26
Advisory published
2026-03-09
Advisory updated
2026-06-26

Who should care

Anyone running an affected kernel on which untrusted local users or workloads can execute code: shared hosts, CI runners, container platforms and other multi-tenant systems. The attacker needs only local, unprivileged code execution, and the impact described is denial of service through kernel memory exhaustion. The stored evidence lists the affected versions as 6.6.51 through 6.6.133 and 6.10.10 through 6.12.77, read as upstream stable version numbers; distribution kernels may carry the fix under a different version string, so check the vendor changelog rather than relying on the number alone. Administrators of affected systems should apply the available patches and reboot into the updated kernel.
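A first-pass triage check against the two affected ranges above, added here as an example and not code from the advisory or the kernel project: it parses a uname -r style release string and reports whether the upstream version number falls inside a listed range. The sample release strings are constructed, and the ranges are treated as inclusive upstream stable versions, which is an assumption about how the evidence should be read.

```c
#include <stdio.h>

/* A kernel release number: major.minor.patch (any distro suffix after the numbers is ignored). */
struct kver {
    int major, minor, patch;
};

/* Affected ranges as listed in this debrief, inclusive at both ends
 * (assumption: the ranges are upstream stable version numbers). */
static const struct { struct kver lo, hi; } affected_ranges[] = {
    { { 6, 6, 51 },  { 6, 6, 133 } },
    { { 6, 10, 10 }, { 6, 12, 77 } },
};

/* Parse "6.6.60-generic", "6.12.7-arch1-1" or "6.11" into a kver; returns 0 if unparsable. */
int parse_kernel_release(const char *release, struct kver *out)
{
    int major, minor, patch = 0;
    int n = sscanf(release, "%d.%d.%d", &major, &minor, &patch);
    if (n < 2 || major < 0 || minor < 0 || patch < 0)
        return 0;
    out->major = major;
    out->minor = minor;
    out->patch = patch;
    return 1;
}

/* Three-way comparison of two kernel versions. */
static int kver_cmp(struct kver a, struct kver b)
{
    if (a.major != b.major) return a.major < b.major ? -1 : 1;
    if (a.minor != b.minor) return a.minor < b.minor ? -1 : 1;
    if (a.patch != b.patch) return a.patch < b.patch ? -1 : 1;
    return 0;
}

/* Returns 1 if the release is inside an affected range, 0 if it is outside, -1 if unparsable. */
int kernel_affected(const char *release)
{
    struct kver v;
    if (!parse_kernel_release(release, &v))
        return -1;
    for (size_t i = 0; i < sizeof affected_ranges / sizeof affected_ranges[0]; i++) {
        if (kver_cmp(v, affected_ranges[i].lo) >= 0 && kver_cmp(v, affected_ranges[i].hi) <= 0)
            return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample release strings, not output from a real host. */
    const char *samples[] = { "6.6.60-generic", "6.6.134", "6.11.3-arch1-1", "6.12.78", "6.8.0", "garbage" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s affected=%d\n", samples[i], kernel_affected(samples[i]));
    return 0;
}
```

A result of 1 means "inside the listed range", not "confirmed vulnerable": distribution kernels keep an older version number while backporting fixes, so a hit here is a prompt to read the vendor changelog for the fix, and a miss on an unusual version string (result -1) needs a manual look.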

Technical summary

The fremovexattr() syscall acquires a reference to the target file with fdget() and then copies the attribute name from user space with strncpy_from_user(). If that copy fails, the syscall returns the error immediately and skips the fdput() that would release the reference. Nothing drops the reference afterwards, so the struct file, together with the objects it holds (dentry, inode and mount), stays allocated even after the descriptor is closed and the process exits. Because a failing call is cheap and needs no privilege, a local user can repeat it until kernel memory is exhausted.
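A user-space model of the bug, added here as an example and not kernel code or code from the advisory: the mock fdget()/fdput() track a reference count on a single fake file, the vulnerable function reproduces the early return after a failed name copy, and the fixed function routes every exit after fdget() through fdput(). The model treats an empty or over-long name as -ERANGE, as the kernel's xattr name handling does; descriptor number 3, the model_ helpers and the single-entry fd table are assumptions of the model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define XATTR_NAME_MAX 255

/* Model of struct file: only the reference count matters here. */
struct file {
    int refcount;
};

/* Model of struct fd: the file plus a flag recording whether fdget() took a reference. */
struct fd {
    struct file *file;
    int need_put;
};

/* The only open file in the fake fd table; the table itself holds one reference. */
static struct file g_table_file = { .refcount = 1 };

/* Model of fdget(): descriptor 3 is the one valid descriptor (assumption of the model). */
static struct fd model_fdget(int fd)
{
    struct fd f = { NULL, 0 };
    if (fd == 3) {
        g_table_file.refcount++;
        f.file = &g_table_file;
        f.need_put = 1;
    }
    return f;
}

/* Model of fdput(): drop the reference fdget() took. */
static void model_fdput(struct fd f)
{
    if (f.need_put)
        f.file->refcount--;
}

/* Model of strncpy_from_user(): returns the copied length, size if the name does not
 * fit, or -EFAULT for an unreadable (here: NULL) user pointer. */
static long model_strncpy_from_user(char *dst, const char *src, size_t size)
{
    if (src == NULL)
        return -EFAULT;
    size_t n = 0;
    while (n < size && src[n] != '\0')
        n++;
    memcpy(dst, src, n);
    if (n < size)
        dst[n] = '\0';
    return (long)n;
}

/* Vulnerable shape: a bad name returns without releasing the reference. */
long fremovexattr_vulnerable(int fd, const char *name)
{
    struct fd f = model_fdget(fd);
    char kname[XATTR_NAME_MAX + 1];
    long error = -EBADF;

    if (!f.file)
        return error;
    error = model_strncpy_from_user(kname, name, sizeof(kname));
    if (error == 0 || error == (long)sizeof(kname))
        error = -ERANGE;
    if (error < 0)
        return error;      /* BUG: fdput(f) is missing on this path */
    model_fdput(f);        /* the success path does release it */
    return 0;
}

/* Fixed shape: every exit after fdget() passes through fdput(). */
long fremovexattr_fixed(int fd, const char *name)
{
    struct fd f = model_fdget(fd);
    char kname[XATTR_NAME_MAX + 1];
    long error = -EBADF;

    if (!f.file)
        return error;
    error = model_strncpy_from_user(kname, name, sizeof(kname));
    if (error == 0 || error == (long)sizeof(kname))
        error = -ERANGE;
    if (error < 0)
        goto out;
    error = 0;
out:
    model_fdput(f);
    return error;
}

int file_refcount(void) { return g_table_file.refcount; }
void reset_refcount(void) { g_table_file.refcount = 1; }

int main(void)
{
    for (int i = 0; i < 3; i++)
        fremovexattr_vulnerable(3, NULL);   /* three failing calls, three leaked references */
    printf("vulnerable: refcount after 3 failing calls = %d\n", file_refcount());
    reset_refcount();
    for (int i = 0; i < 3; i++)
        fremovexattr_fixed(3, NULL);
    printf("fixed:      refcount after 3 failing calls = %d\n", file_refcount());
    return 0;
}
```

The leaked count never returns to 1 in the vulnerable variant, which is the whole attack: in the kernel the extra references keep the struct file alive after close() and after the process exits, so memory is consumed cumulatively rather than per process.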

Defensive priority

Medium. The attack needs local code execution and the described impact is denial of service, so prioritize hosts where untrusted users or workloads run code and schedule the kernel update for the next maintenance window elsewhere. After updating, confirm that the running kernel is outside the affected ranges or carries the backported fix.

Recommended defensive actions

  • Update to a kernel outside the listed affected ranges, or to a distribution kernel whose changelog references the fix, and reboot: an installed kernel package does nothing until that kernel is running.
  • Verify with uname -r and the vendor's package changelog; the version number alone misjudges distribution kernels that backport fixes.
  • A leaked reference writes no log line, so monitor the first field of /proc/sys/fs/file-nr (allocated file handles) and the filp slab in /proc/slabinfo instead; sustained growth that does not fall back after processes exit is the signature of this class of leak.
  • Until patched, limit who can run code on affected hosts; where a container or sandbox does not need extended attributes, a seccomp profile that denies fremovexattr removes the reachable path.
  • Add the affected ranges to routine vulnerability scanning so hosts that miss the update are reported.
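A reading of successive /proc/sys/fs/file-nr samples that separates a leak surviving process exit from ordinary open/close churn, added as an example and not code from the advisory or from any monitoring product. The sample readings are constructed; min_growth is a per-host threshold you choose, and the rule that in-use handles must never dip between samples is a heuristic of this example.

```c
#include <stddef.h>
#include <stdio.h>

/* One reading of /proc/sys/fs/file-nr: allocated handles, unused handles, system-wide max. */
struct file_nr {
    unsigned long long allocated, unused, max;
};

/* Parse one file-nr line such as "1728\t0\t9223372036854775807"; returns 0 on failure. */
int parse_file_nr(const char *line, struct file_nr *out)
{
    return sscanf(line, "%llu %llu %llu", &out->allocated, &out->unused, &out->max) == 3;
}

/* Handles actually in use for one reading. */
static unsigned long long in_use(const struct file_nr *r)
{
    return r->allocated - r->unused;
}

/* Returns 1 when in-use handles never fall between readings and finish at least
 * min_growth above the first reading. Leaked struct files are never freed, so a
 * leak climbs monotonically; normal workloads dip as processes close files or exit.
 * Returns 0 otherwise, and 0 on any unparsable reading. */
int file_nr_leak_suspected(const char *const *lines, size_t n, unsigned long long min_growth)
{
    struct file_nr first, prev, cur;
    if (n < 2 || !parse_file_nr(lines[0], &first))
        return 0;
    prev = first;
    for (size_t i = 1; i < n; i++) {
        if (!parse_file_nr(lines[i], &cur))
            return 0;
        if (in_use(&cur) < in_use(&prev))
            return 0;
        prev = cur;
    }
    return in_use(&prev) - in_use(&first) >= min_growth;
}

/* Read the live counter; returns 0 if the file is unavailable (non-Linux host, etc.). */
int read_current_file_nr(struct file_nr *out)
{
    char line[128];
    FILE *fp = fopen("/proc/sys/fs/file-nr", "r");
    if (!fp)
        return 0;
    int ok = fgets(line, sizeof line, fp) != NULL && parse_file_nr(line, out);
    fclose(fp);
    return ok;
}

/* Constructed readings, not captured from a real host. */
const char *const sample_leaking[] = {
    "1728\t0\t9223372036854775807",
    "3328\t0\t9223372036854775807",
    "5000\t0\t9223372036854775807",
    "6800\t0\t9223372036854775807",
};
const char *const sample_churn[] = {
    "1728\t0\t9223372036854775807",
    "2400\t0\t9223372036854775807",
    "1900\t0\t9223372036854775807",
    "2600\t0\t9223372036854775807",
};

int main(void)
{
    struct file_nr now;
    printf("leaking samples: suspected=%d\n", file_nr_leak_suspected(sample_leaking, 4, 1000));
    printf("churn samples:   suspected=%d\n", file_nr_leak_suspected(sample_churn, 4, 1000));
    if (read_current_file_nr(&now))
        printf("this host now:   %llu in use of max %llu\n", in_use(&now), now.max);
    return 0;
}
```

Sample at an interval long enough for normal churn to show its dips (minutes, not seconds), and corroborate a hit with the filp entry in /proc/slabinfo, which needs root to read; a counter that keeps climbing after the suspected process has exited is the confirming observation, since a freed struct file would have released its handle.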

Evidence notes

The stored evidence records CVE-2024-14027 as published on March 9, 2026, and last modified on June 26, 2026, with a CVSS score of 5.5 (MEDIUM), affected Linux kernel versions 6.6.51 through 6.6.133 and 6.10.10 through 6.12.77, and commit a71874379ec8 (“xattr: switch to CLASS(fd)”) as the fixing change. No CISA KEV listing appears in the stored evidence.

Official resources

This article is AI-assisted and based on the supplied source corpus.