CVE-2024-57892Use After Free in Linux

CWE-416Use After Free80 documents6 sources
Severity
7.8HIGHNVD
OSV7.1OSV6.2OSV5.5
EPSS
0.0%
top 95.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedJan 15
Latest updateMay 29

Description

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv When mounting ocfs2 and then remounting it as read-only, a slab-use-after-free occurs after the user uses a syscall to quota_getnextquota. Specifically, sb_dqinfo(sb, type)->dqi_priv is the dangling pointer. During the remounting process, the pointer dqi_priv is freed but is never set as null leaving it to be accessed. Additionally, the read-only option for remou

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

NVDlinux/linux_kernel4.66.1.125+3
Debianlinux/linux_kernel< 5.10.234-1+3
Ubuntulinux/linux_kernel< 5.4.0-211.231+2
CVEListV5linux/linux8f9e8f5fcc059a3cba87ce837c88316797ef364558f9e20e2a7602e1dd649a1ec4790077c251cb6c+7
debiandebian/linux< linux 6.1.128-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

40
OSV
linux-oracle-6.8 vulnerabilities2025-05-29
OSV
linux-hwe-6.8 vulnerabilities2025-05-28
OSV
linux-raspi-5.4 vulnerabilities2025-05-28
OSV
linux-raspi vulnerabilities2025-05-28
OSV
linux-raspi vulnerabilities2025-05-26

📋Vendor Advisories

39
Ubuntu
Linux kernel (Oracle) vulnerabilities2025-05-29
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-05-28
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-05-28
Ubuntu
Linux kernel (HWE) vulnerabilities2025-05-28
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-05-26