SB2024102173 - Use-after-free in Linux kernel ext4
Published: October 21, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024102173
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2024-49889)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4_split_extents(), ext4_split_extent() and ext4_ext_handle_unwritten_extents() functions in fs/ext4/extents.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/b0cb4561fc4284d04e69c8a66c8504928ab2484e
- https://git.kernel.org/stable/c/4999fed877bb64e3e7f9ab9996de2ca983c41928
- https://git.kernel.org/stable/c/2eba3b0cc5b8de624918d21f32b5b8db59a90b39
- https://git.kernel.org/stable/c/34b2096380ba475771971a778a478661a791aa15
- https://git.kernel.org/stable/c/8b114f2cc7dd5d36729d040b68432fbd0f0a8868
- https://git.kernel.org/stable/c/d483c7cc1796bd6a80e7b3a8fd494996260f6b67
- https://git.kernel.org/stable/c/4e2524ba2ca5f54bdbb9e5153bea00421ef653f5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.227
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.168
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.113
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.14
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.55