Use-after-free in Linux kernel - CVE-2024-44941
Published: August 26, 2024 / Updated: May 12, 2025
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the do_read_inode() function in fs/f2fs/inode.c, within the sanity_check_extent_cache() and f2fs_init_read_extent_tree() functions in fs/f2fs/extent_cache.c. A local user can escalate privileges on the system.
How to mitigate CVE-2024-44941
Sources
- https://git.kernel.org/stable/c/263df78166d3a9609b97d28c34029bd01874cbb8
- https://git.kernel.org/stable/c/323ef20b5558b9d9fd10c1224327af6f11a8177d
- https://git.kernel.org/stable/c/d7409b05a64f212735f0d33f5f1602051a886eab
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.47