7.8

CVE-2024-42314

btrfs: fix extent map use-after-free when adding pages to compressed bio

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix extent map use-after-free when adding pages to compressed bio

At add_ra_bio_pages() we are accessing the extent map to calculate
'add_size' after we dropped our reference on the extent map, resulting
in a use-after-free. Fix this by computing 'add_size' before dropping our
extent map reference.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version11.0
LinuxLinux Kernel Version >= 5.16 < 6.1.108
LinuxLinux Kernel Version >= 6.2 < 6.6.44
LinuxLinux Kernel Version >= 6.7 < 6.10.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.131
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/8e7860543a94784d744c7ce34b78a2e11beefa5c
Patch
https://git.kernel.org/stable/c/b7859ff398b6b656e1689daa860eb34837b4bb89
Patch
https://git.kernel.org/stable/c/c1cc3326e27b0bd7a2806b40bc48e49afaf951e7
Patch
https://git.kernel.org/stable/c/c205565e0f2f439f278a4a94ee97b67ef7b56ae8
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Third Party Advisory
Mailing List