CVE-2024-49903 — Use After Free in Linux
Severity
7.0HIGHNVD
OSV8.8OSV6.7OSV6.3OSV5.5OSV4.7
EPSS
0.0%
top 98.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 21
Latest updateAug 14
Description
In the Linux kernel, the following vulnerability has been resolved:
jfs: Fix uaf in dbFreeBits
[syzbot reported]
BUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline]
BUG: KASAN: slab-use-after-free in __mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:752
Read of size 8 at addr ffff8880229254b0 by task syz-executor357/5216
CPU: 0 UID: 0 PID: 5216 Comm: syz-executor357 Not tainted 6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Hardware name: Google Google Compute…
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9