THREATINT
PUBLISHED

CVE-2024-49889

ext4: avoid use-after-free in ext4_ext_show_leaf()



Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: avoid use-after-free in ext4_ext_show_leaf()

In ext4_find_extent(), path may be freed by error or be reallocated, so using a previously saved *ppath may have been freed and thus may trigger use-after-free, as follows:

    ext4_split_extent
      path = *ppath;
      ext4_split_extent_at(ppath)
      path = ext4_find_extent(ppath)
      ext4_split_extent_at(ppath)
        // ext4_find_extent fails to free path
        // but zeroout succeeds
      ext4_ext_show_leaf(inode, path)
        eh = path[depth].p_hdr
        // path use-after-free !!!

Similar to ext4_split_extent_at(), we use *ppath directly as an input to ext4_ext_show_leaf(). Fix a spelling error by the way.

Same problem in ext4_ext_handle_unwritten_extents(). Since 'path' is only used in ext4_ext_show_leaf(), remove 'path' and use *ppath directly.

This issue is triggered only when EXT_DEBUG is defined and therefore does not affect functionality.
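A userspace model of the stale-pointer pattern in the description, added here as an illustration and not taken from the kernel patch. `struct ext_path`, `find_extent()`, `show_leaf()`, `saved_copy_is_stale()` and `split_fixed()` are hypothetical stand-ins for the kernel structures and functions named above; the pre-fix shape is made observable by comparing addresses rather than by reading freed memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct ext_path { int leaf_entries; };  /* constructed stand-in, not the kernel type */

/* Models the contract the description gives for ext4_find_extent(ppath):
 * the old buffer is freed and *ppath is either replaced or set to NULL. */
static int find_extent(struct ext_path **ppath, int fail)
{
    struct ext_path *old = *ppath;
    struct ext_path *fresh = fail ? NULL : calloc(1, sizeof(*fresh));

    if (fresh && old)
        fresh->leaf_entries = old->leaf_entries + 1;
    free(old);          /* any copy of the old pointer now dangles */
    *ppath = fresh;
    return fresh ? 0 : -1;
}

/* Debug-style reader standing in for ext4_ext_show_leaf(). */
static int show_leaf(const struct ext_path *path)
{
    return path ? path->leaf_entries : -1;
}

/* Pre-fix shape: a local copy is taken before the call. Only its address
 * is kept, so staleness can be reported without a use-after-free. */
static int saved_copy_is_stale(struct ext_path **ppath, int fail)
{
    uintptr_t saved = (uintptr_t)*ppath;    /* path = *ppath; */
    find_extent(ppath, fail);
    return saved != (uintptr_t)*ppath;      /* 1: show_leaf(path) would read freed memory */
}

/* Post-fix shape: no saved local, *ppath is read after the call. */
static int split_fixed(struct ext_path **ppath, int fail)
{
    find_extent(ppath, fail);
    return show_leaf(*ppath);
}

int main(void)
{
    struct ext_path *p = calloc(1, sizeof(*p));
    printf("saved copy stale: %d\n", saved_copy_is_stale(&p, 0));
    printf("fixed read: %d\n", split_fixed(&p, 0));
    free(p);
}
```

Building the pre-fix shape with a real dereference under AddressSanitizer (`-fsanitize=address`) reports the read as heap-use-after-free, which is the class of finding KASAN produces in the kernel.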

Reserved 2024-10-21 | Published 2024-10-21 | Updated 2024-12-19 | Assigner Linux

Product status

Default status: unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before b0cb4561fc4284d04e69c8a66c8504928ab2484e: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 4999fed877bb64e3e7f9ab9996de2ca983c41928: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 2eba3b0cc5b8de624918d21f32b5b8db59a90b39: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 34b2096380ba475771971a778a478661a791aa15: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 8b114f2cc7dd5d36729d040b68432fbd0f0a8868: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before d483c7cc1796bd6a80e7b3a8fd494996260f6b67: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 4e2524ba2ca5f54bdbb9e5153bea00421ef653f5: affected

Default status: affected

5.10.227: unaffected
5.15.168: unaffected
6.1.113: unaffected
6.6.55: unaffected
6.10.14: unaffected
6.11.3: unaffected
6.12: unaffected

References

git.kernel.org/...c/b0cb4561fc4284d04e69c8a66c8504928ab2484e

git.kernel.org/...c/4999fed877bb64e3e7f9ab9996de2ca983c41928

git.kernel.org/...c/2eba3b0cc5b8de624918d21f32b5b8db59a90b39

git.kernel.org/...c/34b2096380ba475771971a778a478661a791aa15

git.kernel.org/...c/8b114f2cc7dd5d36729d040b68432fbd0f0a8868

git.kernel.org/...c/d483c7cc1796bd6a80e7b3a8fd494996260f6b67

git.kernel.org/...c/4e2524ba2ca5f54bdbb9e5153bea00421ef653f5

cve.org (CVE-2024-49889)

nvd.nist.gov (CVE-2024-49889)
