7.8
CVE-2024-38583
- EPSS 0.26%
- Veröffentlicht 19.06.2024 14:15:18
- Zuletzt bearbeitet 04.11.2025 18:16:27
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
nilfs2: fix use-after-free of timer for log writer thread
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and potential deadlock issue on unmount, and a potential freeze issue in event synchronization found during their analysis. Details are described in each commit log. This patch (of 3): A use-after-free issue has been reported regarding the timer sc_timer on the nilfs_sc_info structure. The problem is that even though it is used to wake up a sleeping log writer thread, sc_timer is not shut down until the nilfs_sc_info structure is about to be freed, and is used regardless of the thread's lifetime. Fix this issue by limiting the use of sc_timer only while the log writer thread is alive.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.35 < 4.19.316
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.278
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.219
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.161
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.94
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.33
Linux ≫ Linux Kernel Version >= 6.7 < 6.8.12
Linux ≫ Linux Kernel Version >= 6.9 < 6.9.3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.169 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://git.kernel.org/stable/c/2f12b2c03c5dae1a0de0a9e5853177e3d6eee3c6
https://git.kernel.org/stable/c/67fa90d4a2ccd9ebb0e1e168c7d0b5d0cf3c7148
https://git.kernel.org/stable/c/68e738be5c518fc3c4e9146b66f67c8fee0135fb
https://git.kernel.org/stable/c/822ae5a8eac30478578a75f7e064f0584931bf2d
https://git.kernel.org/stable/c/82933c84f188dcfe89eb26b0b48ab5d1ca99d164
https://git.kernel.org/stable/c/86a30d6302deddb9fb97ba6fc4b04d0e870b582a
https://git.kernel.org/stable/c/e65ccf3a4de4f0c763d94789615b83e11f204438
https://git.kernel.org/stable/c/f5d4e04634c9cf68bdf23de08ada0bb92e8befe7
https://git.kernel.org/stable/c/f9186bba4ea282b07293c1c892441df3a5441cb0