CVE-2024-49854: Use After Free in Linux

CWE-416: Use After Free | 6 documents | 6 sources
Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 93.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 21

Description

In the Linux kernel, the following vulnerability has been resolved:

block, bfq: fix uaf for accessing waker_bfqq after splitting

After commit 42c306ed7233 ("block, bfq: don't break merge chain in bfq_split_bfqq()"), if the current process is the last holder of bfqq, the bfqq can be freed after bfq_split_bfqq(). Hence recording the bfqq and then accessing bfqq->waker_bfqq may trigger UAF. What's more, the waker_bfqq may be in the merge chain of bfqq, hence just recording waker_bfqq is still not safe. F

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (12 packages)

NVD | linux/linux_kernel | 5.10.227, 5.15.168, +4
Debian | linux/linux_kernel | < 6.1.115-1, +2
CVEListV5 | linux/linux | e0c20d88b7dce85d2703bb6ba77bf359959675cd, 63a07379fdb6c72450cb05294461c6016b8b7726, +8

Patches

🔴 Vulnerability Details (2)

OSV | 2024-10-21
CVE-2024-49854: In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for accessing waker_bfqq after splitting After commit 42c306ed
GHSA | 2024-10-21
GHSA-8qj8-qf9j-579x: In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for accessing waker_bfqq after splitting After commit 42c306

📋 Vendor Advisories (3)

Red Hat | 2024-10-21
kernel: block, bfq: fix uaf for accessing waker_bfqq after splitting
Microsoft | 2024-10-08
block bfq: fix uaf for accessing waker_bfqq after splitting
Debian | 2024
CVE-2024-49854: linux - In the Linux kernel, the following vulnerability has been resolved: block, bfq:...
CVE-2024-49854 — Use After Free in Linux | cvebase