CVE-2024-49889
ext4: avoid use-after-free in ext4_ext_show_leaf()
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
ext4: avoid use-after-free in ext4_ext_show_leaf()
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid use-after-free in ext4_ext_show_leaf() In ext4_find_extent(), path may be freed by error or be reallocated, so using a previously saved *ppath may have been freed and thus may trigger use-after-free, as follows: ext4_split_extent path = *ppath; ext4_split_extent_at(ppath) path = ext4_find_extent(ppath) ext4_split_extent_at(ppath) // ext4_find_extent fails to free path // but zeroout succeeds ext4_ext_show_leaf(inode, path) eh = path[depth].p_hdr // path use-after-free !!! Similar to ext4_split_extent_at(), we use *ppath directly as an input to ext4_ext_show_leaf(). Fix a spelling error by the way. Same problem in ext4_ext_handle_unwritten_extents(). Since 'path' is only used in ext4_ext_show_leaf(), remove 'path' and use *ppath directly. This issue is triggered only when EXT_DEBUG is defined and therefore does not affect functionality.
Reserved 2024-10-21 | Published 2024-10-21 | Updated 2025-05-04 | Assigner Linuxgit.kernel.org/...c/b0cb4561fc4284d04e69c8a66c8504928ab2484e
git.kernel.org/...c/4999fed877bb64e3e7f9ab9996de2ca983c41928
git.kernel.org/...c/2eba3b0cc5b8de624918d21f32b5b8db59a90b39
git.kernel.org/...c/34b2096380ba475771971a778a478661a791aa15
git.kernel.org/...c/8b114f2cc7dd5d36729d040b68432fbd0f0a8868
git.kernel.org/...c/d483c7cc1796bd6a80e7b3a8fd494996260f6b67
git.kernel.org/...c/4e2524ba2ca5f54bdbb9e5153bea00421ef653f5
Support options
