#VU98885 Use-after-free in Linux kernel - CVE-2024-49867
Published: October 21, 2024 / Updated: May 12, 2025
Vulnerability identifier: #VU98885
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-49867
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the close_ctree() function in fs/btrfs/disk-io.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/70b60c8d9b42763d6629e44f448aa5d8ae477d61
- https://git.kernel.org/stable/c/4c98fe0dfa2ae83c4631699695506d8941db4bfe
- https://git.kernel.org/stable/c/9da40aea63f8769f28afb91aea0fac4cf6fbbb65
- https://git.kernel.org/stable/c/ed87190e9d9c80aad220fb6b0b03a84d22e2c95b
- https://git.kernel.org/stable/c/bf0de0f9a0544c11f96f93206da04ab87dcea1f4
- https://git.kernel.org/stable/c/65d11eb276836d49003a8060cf31fa2284ad1047
- https://git.kernel.org/stable/c/41fd1e94066a815a7ab0a7025359e9b40e4b3576
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.323
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.227
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.168
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.285
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.113
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.14
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.55