CVE-2024-49960

EPSS 0.04%
Published 21.10.2024 18:15:17
Last modified 03.11.2025 23:16:34
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix timer use-after-free on failed mount

Syzbot has found an ODEBUG bug in ext4_fill_super

The del_timer_sync function cancels the s_err_report timer,
which reminds about filesystem errors daily. We should
guarantee the timer is no longer active before kfree(sbi).

When filesystem mounting fails, the flow goes to failed_mount3,
where an error occurs when ext4_stop_mmpd is called, causing
a read I/O failure. This triggers the ext4_handle_error function
that ultimately re-arms the timer,
leaving the s_err_report timer active before kfree(sbi) is called.

Fix the issue by canceling the s_err_report timer after calling ext4_stop_mmpd.

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 6.6.55

Linux ≫ Linux Kernel Version >= 6.7 < 6.10.14

Linux ≫ Linux Kernel Version >= 6.11 < 6.11.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.13

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/0ce160c5bdb67081a62293028dc85758a8efb22a

Patch

https://git.kernel.org/stable/c/9203817ba46ebba7c865c8de2aba399537b6e891

Patch

https://git.kernel.org/stable/c/b85569585d0154d4db1e4f9e3e6a4731d407feb0

Patch

https://git.kernel.org/stable/c/cf3196e5e2f36cd80dab91ffae402e13935724bc

https://git.kernel.org/stable/c/fa78fb51d396f4f2f80f8e96a3b1516f394258be

Patch

https://git.kernel.org/stable/c/22e9b83f0f33bc5a7a3181769d1dccbf021f5b04

https://git.kernel.org/stable/c/7aac0c17a8cdf4a3236991c1e60435c6a984076c

https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

https://nvd.nist.gov/vuln/detail/CVE-2024-49960

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-49960

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-49960

EUVD