CVE-2024-49883
Description
In the Linux kernel, the following vulnerability has been resolved:
ext4: aovid use-after-free in ext4_ext_insert_extent()
As Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is reallocated in ext4_ext_create_new_leaf(), we'll use the stale path and cause UAF. Below is a sample trace with dummy values:
ext4_ext_insert_extent path = *ppath = 2000 ext4_ext_create_new_leaf(ppath) ext4_find_extent(ppath) path = *ppath = 2000 if (depth > path[0].p_maxdepth) kfree(path = 2000); *ppath = path = NULL; path = kcalloc() = 3000 *ppath = 3000; return path; /* here path is still 2000, UAF! */ eh = path[depth].p_hdr
================================================================== BUG: KASAN: slab-use-after-free in ext4_ext_insert_extent+0x26d4/0x3330 Read of size 8 at addr ffff8881027bf7d0 by task kworker/u36:1/179 CPU: 3 UID: 0 PID: 179 Comm: kworker/u6:1 Not tainted 6.11.0-rc2-dirty #866 Call Trace:
ext4_ext_insert_extent+0x26d4/0x3330 ext4_ext_map_blocks+0xe22/0x2d40 ext4_map_blocks+0x71e/0x1700 ext4_do_writepages+0x1290/0x2800 [...]
Allocated by task 179: ext4_find_extent+0x81c/0x1f70 ext4_ext_map_blocks+0x146/0x2d40 ext4_map_blocks+0x71e/0x1700 ext4_do_writepages+0x1290/0x2800 ext4_writepages+0x26d/0x4e0 do_writepages+0x175/0x700 [...]
Freed by task 179: kfree+0xcb/0x240 ext4_find_extent+0x7c0/0x1f70 ext4_ext_insert_extent+0xa26/0x3330 ext4_ext_map_blocks+0xe22/0x2d40 ext4_map_blocks+0x71e/0x1700 ext4_do_writepages+0x1290/0x2800 ext4_writepages+0x26d/0x4e0 do_writepages+0x175/0x700 [...] ==================================================================
So use *ppath to update the path to avoid the above problem.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
116- osv-coords112 versionspkg:deb/ubuntu/linux@6.11.0-18.18?arch=source&distro=oracularpkg:deb/ubuntu/linux-aws@6.11.0-1009.10?arch=source&distro=oracularpkg:deb/ubuntu/linux-azure@6.11.0-1009.9?arch=source&distro=oracularpkg:deb/ubuntu/linux-gcp@6.11.0-1009.9?arch=source&distro=oracularpkg:deb/ubuntu/linux-lowlatency@6.11.0-1010.11?arch=source&distro=oracularpkg:deb/ubuntu/linux-oracle@6.11.0-1011.12?arch=source&distro=oracularpkg:deb/ubuntu/linux-raspi@6.11.0-1008.8?arch=source&distro=oracularpkg:deb/ubuntu/linux-realtime@6.11.0-1005.5?arch=source&distro=oracularpkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%20Micro%205.5pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/kernel-source-longterm&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/kernel-coco_debug&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6pkg:rpm/suse/kernel-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-livepatch-MICRO-6-0-RT_Update_4&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-livepatch-MICRO-6-0-RT_Update_4&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-livepatch-MICRO-6-0_Update_4&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-livepatch-MICRO-6-0_Update_4&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-livepatch-SLE15-SP5-RT_Update_22&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_21&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_6&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_6&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/kernel-source-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/kernel-syms-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_62&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5
< 6.11.0-18.18+ 111 more
- (no CPE)range: < 6.11.0-18.18
- (no CPE)range: < 6.11.0-1009.10
- (no CPE)range: < 6.11.0-1009.9
- (no CPE)range: < 6.11.0-1009.9
- (no CPE)range: < 6.11.0-1010.11
- (no CPE)range: < 6.11.0-1011.12
- (no CPE)range: < 6.11.0-1008.8
- (no CPE)range: < 6.11.0-1005.5
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 5.14.21-150500.33.72.1
- (no CPE)range: < 6.4.0-150600.8.17.2
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 6.4.0-150600.23.30.1.150600.12.12.6
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 6.4.0-150600.10.20.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 6.4.0-150600.10.20.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 5.14.21-150500.33.72.1
- (no CPE)range: < 6.4.0-150600.8.17.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 6.11.8-1.1
- (no CPE)range: < 6.12.11-1.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 6.4.0-150600.10.20.1
- (no CPE)range: < 5.14.21-150500.33.72.1
- (no CPE)range: < 6.4.0-150600.8.17.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 6.4.0-150600.10.20.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 5.14.21-150500.33.72.1
- (no CPE)range: < 6.4.0-150600.8.17.2
- (no CPE)range: < 6.4.0-15061.9.coco15sp6.1
- (no CPE)range: < 6.4.0-15061.9.coco15sp6.1
- (no CPE)range: < 5.14.21-150500.55.88.1.150500.6.39.4
- (no CPE)range: < 5.14.21-150500.55.88.1.150500.6.39.4
- (no CPE)range: < 6.4.0-150600.23.30.1.150600.12.12.6
- (no CPE)range: < 6.4.0-24.1.21.4
- (no CPE)range: < 6.4.0-24.1.21.4
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 4.12.14-122.234.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 4.12.14-122.234.1
- (no CPE)range: < 4.12.14-122.234.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 6.4.0-24.1
- (no CPE)range: < 6.4.0-24.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 6.4.0-24.1
- (no CPE)range: < 6.4.0-24.1
- (no CPE)range: < 1-1.1
- (no CPE)range: < 1-1.1
- (no CPE)range: < 1-1.2
- (no CPE)range: < 1-1.2
- (no CPE)range: < 1-150500.11.3.1
- (no CPE)range: < 1-150500.11.5.1
- (no CPE)range: < 1-150600.1.3.1
- (no CPE)range: < 1-150600.13.3.5
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 6.4.0-150600.10.20.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 6.4.0-22.1
- (no CPE)range: < 6.4.0-22.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 6.4.0-150600.10.20.1
- (no CPE)range: < 5.14.21-150500.33.72.1
- (no CPE)range: < 6.4.0-150600.8.17.1
- (no CPE)range: < 6.4.0-15061.9.coco15sp6.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 4.12.14-122.234.1
- (no CPE)range: < 4.12.14-122.234.1
- (no CPE)range: < 6.4.0-24.1
- (no CPE)range: < 6.4.0-24.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 6.4.0-22.1
- (no CPE)range: < 6.4.0-22.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 6.4.0-150600.10.20.1
- (no CPE)range: < 5.14.21-150500.33.72.1
- (no CPE)range: < 6.4.0-150600.8.17.1
- (no CPE)range: < 6.4.0-15061.9.coco15sp6.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 4.12.14-122.234.1
- (no CPE)range: < 4.12.14-122.234.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 6.4.0-150600.10.20.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 6.4.0-150600.23.30.1
- (no CPE)range: < 1-8.3.1
Patches
Vulnerability mechanics
References
11- git.kernel.org/stable/c/51db04892a993cace63415be99848970a0f15ef2nvdPatch
- git.kernel.org/stable/c/5e811066c5ab709b070659197dccfb80ab650dddnvdPatch
- git.kernel.org/stable/c/8162ee5d94b8c0351be0a9321be134872a7654a1nvdPatch
- git.kernel.org/stable/c/975ca06f3fd154c5f7742083e7b2574c57d1c0c3nvdPatch
- git.kernel.org/stable/c/9df59009dfc6d9fc1bd9ddf6c5ab6e56d6ed887anvdPatch
- git.kernel.org/stable/c/a164f3a432aae62ca23d03e6d926b122ee5b860dnvdPatch
- git.kernel.org/stable/c/beb7b66fb489041c50c6473100b383f7a51648fcnvdPatch
- git.kernel.org/stable/c/bfed082ce4b1ce6349b05c09a0fa4f3da35ecb1bnvdPatch
- git.kernel.org/stable/c/e17ebe4fdd7665c93ae9459ba40fcdfb76769ac1nvdPatch
- lists.debian.org/debian-lts-announce/2025/01/msg00001.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2025/03/msg00002.htmlnvdMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.