SB2024082677 - Use-after-free in Linux kernel f2fs
Published: August 26, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024082677
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2024-44941)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the do_read_inode() function in fs/f2fs/inode.c, within the sanity_check_extent_cache() and f2fs_init_read_extent_tree() functions in fs/f2fs/extent_cache.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/263df78166d3a9609b97d28c34029bd01874cbb8
- https://git.kernel.org/stable/c/323ef20b5558b9d9fd10c1224327af6f11a8177d
- https://git.kernel.org/stable/c/d7409b05a64f212735f0d33f5f1602051a886eab
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.47