We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-49960

ext4: fix timer use-after-free on failed mount



Description

In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount Syzbot has found an ODEBUG bug in ext4_fill_super The del_timer_sync function cancels the s_err_report timer, which reminds about filesystem errors daily. We should guarantee the timer is no longer active before kfree(sbi). When filesystem mounting fails, the flow goes to failed_mount3, where an error occurs when ext4_stop_mmpd is called, causing a read I/O failure. This triggers the ext4_handle_error function that ultimately re-arms the timer, leaving the s_err_report timer active before kfree(sbi) is called. Fix the issue by canceling the s_err_report timer after calling ext4_stop_mmpd.

Reserved 2024-10-21 | Published 2024-10-21 | Updated 2024-11-19 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f4 before cf3196e5e2f3
affected

1da177e4c3f4 before 9203817ba46e
affected

1da177e4c3f4 before fa78fb51d396
affected

1da177e4c3f4 before b85569585d01
affected

1da177e4c3f4 before 0ce160c5bdb6
affected

Default status
affected

6.1.118
unaffected

6.6.55
unaffected

6.10.14
unaffected

6.11.3
unaffected

6.12
unaffected

References

git.kernel.org/stable/c/cf3196e5e2f36cd80dab91ffae402e13935724bc

git.kernel.org/stable/c/9203817ba46ebba7c865c8de2aba399537b6e891

git.kernel.org/stable/c/fa78fb51d396f4f2f80f8e96a3b1516f394258be

git.kernel.org/stable/c/b85569585d0154d4db1e4f9e3e6a4731d407feb0

git.kernel.org/stable/c/0ce160c5bdb67081a62293028dc85758a8efb22a

cve.org (CVE-2024-49960)

nvd.nist.gov (CVE-2024-49960)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-49960

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.