CVE-2024-42314

EPSS 0.02%
Published 17.08.2024 09:15:11
Last modified 03.11.2025 22:18:02
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix extent map use-after-free when adding pages to compressed bio

At add_ra_bio_pages() we are accessing the extent map to calculate
'add_size' after we dropped our reference on the extent map, resulting
in a use-after-free. Fix this by computing 'add_size' before dropping our
extent map reference.

Affected products Warnungen 0 Metrics 2 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.16 < 6.6.44

Linux ≫ Linux Kernel Version >= 6.7 < 6.10.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.041

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/8e7860543a94784d744c7ce34b78a2e11beefa5c

Patch

https://git.kernel.org/stable/c/b7859ff398b6b656e1689daa860eb34837b4bb89

Patch

https://git.kernel.org/stable/c/c1cc3326e27b0bd7a2806b40bc48e49afaf951e7

https://git.kernel.org/stable/c/c205565e0f2f439f278a4a94ee97b67ef7b56ae8

Patch

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

https://nvd.nist.gov/vuln/detail/CVE-2024-42314

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-42314

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-42314

EUVD