{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-53176", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-11-19T17:17:25.007Z", "datePublished": "2024-12-27T13:49:20.518Z", "dateUpdated": "2026-05-11T20:52:18.885Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T20:52:18.885Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: During unmount, ensure all cached dir instances drop their dentry\n\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\n\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\n\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids->entries list, including:\n\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\n removes all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\n\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it's\naware. This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\n\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn't block on\nany server operations.\n\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\n\nWhile we're here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid->dentry."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/client/cached_dir.c", "fs/smb/client/cached_dir.h", "fs/smb/client/cifsfs.c", "fs/smb/client/cifsglob.h", "fs/smb/client/inode.c", "fs/smb/client/trace.h"], "versions": [{"version": "ebe98f1447bbccf8228335c62d86af02a0ed23f7", "lessThan": "73934e535cffbda1490fa97d82690a0f9aa73e94", "status": "affected", "versionType": "git"}, {"version": "ebe98f1447bbccf8228335c62d86af02a0ed23f7", "lessThan": "ff4528bbc82d0d90073751f7b49e7b9e9c7e5638", "status": "affected", "versionType": "git"}, {"version": "ebe98f1447bbccf8228335c62d86af02a0ed23f7", "lessThan": "548812afd96982a76a93ba76c0582ea670c40d9e", "status": "affected", "versionType": "git"}, {"version": "ebe98f1447bbccf8228335c62d86af02a0ed23f7", "lessThan": "3fa640d035e5ae526769615c35cb9ed4be6e3662", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/client/cached_dir.c", "fs/smb/client/cached_dir.h", "fs/smb/client/cifsfs.c", "fs/smb/client/cifsglob.h", "fs/smb/client/inode.c", "fs/smb/client/trace.h"], "versions": [{"version": "6.1", "status": "affected"}, {"version": "0", "lessThan": "6.1", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.64", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.11", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.2", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.6.64"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.11.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.12.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.13"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/73934e535cffbda1490fa97d82690a0f9aa73e94"}, {"url": "https://git.kernel.org/stable/c/ff4528bbc82d0d90073751f7b49e7b9e9c7e5638"}, {"url": "https://git.kernel.org/stable/c/548812afd96982a76a93ba76c0582ea670c40d9e"}, {"url": "https://git.kernel.org/stable/c/3fa640d035e5ae526769615c35cb9ed4be6e3662"}], "title": "smb: During unmount, ensure all cached dir instances drop their dentry", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7081676E-4D8A-48BF-AAF4-73B8F49078AE", "versionEndExcluding": "6.6.64", "versionStartIncluding": "6.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "21434379-192D-472F-9B54-D45E3650E893", "versionEndExcluding": "6.11.11", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8882B1B-2ABC-4838-AC1D-DBDBB5764776", "versionEndExcluding": "6.12.2", "versionStartIncluding": "6.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: During unmount, ensure all cached dir instances drop their dentry\n\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\n\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\n\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids->entries list, including:\n\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\n removes all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\n\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it's\naware. This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\n\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn't block on\nany server operations.\n\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\n\nWhile we're here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid->dentry."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: Durante el desmontaje, asegurarse de que todas las instancias de directorio en cach\u00e9 eliminen su dentry El proceso de desmontaje (cifs_kill_sb() llamando a close_all_cached_dirs()) puede competir con varias operaciones de directorio en cach\u00e9, lo que en \u00faltima instancia da como resultado que no se eliminen los dentries y estos ERRORES del kernel: ERROR: Dentry ffff88814f37e358{i=1000000000080,n=/} todav\u00eda en uso (2) [desmontaje de cifs cifs] VFS: Inodos ocupados despu\u00e9s del desmontaje de cifs (cifs) ------------[ corte aqu\u00ed ]------------ \u00a1ERROR del kernel en fs/super.c:661! Esto sucede cuando un cfid est\u00e1 en proceso de desinfecci\u00f3n y se ha eliminado de la lista cfids->entries, lo que incluye: - Recibir una interrupci\u00f3n de arrendamiento del servidor - La reconexi\u00f3n del servidor activa invalidate_all_cached_dirs(), que elimina todos los cfids de la lista - El hilo de la lavander\u00eda decide hacer caducar un cfid antiguo. Para resolver estos problemas, se elimina el dentry en el trabajo en cola realizado en una cola de trabajo cfid_put_wq reci\u00e9n agregada, y close_all_cached_dirs() vac\u00eda esa cola de trabajo despu\u00e9s de eliminar todos los dentries de los que tiene conocimiento. Esta es una cola de trabajo global (en lugar de tener un alcance de montaje), pero el trabajo en cola es m\u00ednimo. El trabajo de desinfecci\u00f3n final para limpiar un cfid se realiza a trav\u00e9s del trabajo en cola en la cola de trabajo serverclose_wq; esto se hace por separado de la eliminaci\u00f3n de los dentries para que close_all_cached_dirs() no bloquee ninguna operaci\u00f3n del servidor. Se espera que ambos trabajos en cola se invoquen con una referencia cfid y una referencia tcon para evitar que esos objetos se liberen mientras el trabajo est\u00e1 en curso. Mientras estamos aqu\u00ed, agregue un bloqueo adecuado a close_all_cached_dirs() y un bloqueo alrededor de la liberaci\u00f3n de cfid->dentry."}], "id": "CVE-2024-53176", "lastModified": "2025-10-08T14:39:14.960", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-12-27T14:15:24.947", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3fa640d035e5ae526769615c35cb9ed4be6e3662"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/548812afd96982a76a93ba76c0582ea670c40d9e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/73934e535cffbda1490fa97d82690a0f9aa73e94"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ff4528bbc82d0d90073751f7b49e7b9e9c7e5638"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: smb: During unmount, ensure all cached dir instances drop their dentry", "id": "2334355", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334355"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nsmb: During unmount, ensure all cached dir instances drop their dentry\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids->entries list, including:\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\nremoves all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it's\naware. This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn't block on\nany server operations.\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\nWhile we're here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid->dentry."], "name": "CVE-2024-53176", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-12-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-53176\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53176\nhttps://lore.kernel.org/linux-cve-announce/2024122718-CVE-2024-53176-85e0@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-07-12T22:09:26.480985+00:00", "updated": "2025-07-12T22:09:26.481035+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}