CVE-2024-38583

HIGH

Linux Kernel - Use-After-Free in nilfs2 Log Writer Timer

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and potential deadlock issue on unmount, and a potential freeze issue in event synchronization found during their analysis. Details are described in each commit log. This patch (of 3): A use-after-free issue has been reported regarding the timer sc_timer on the nilfs_sc_info structure. The problem is that even though it is used to wake up a sleeping log writer thread, sc_timer is not shut down until the nilfs_sc_info structure is about to be freed, and is used regardless of the thread's lifetime. Fix this issue by limiting the use of sc_timer only while the log writer thread is alive.

References (10)

Core 10
Core References

Scores

CVSS v3 7.8
EPSS 0.0026
EPSS Percentile 17.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-416
Status published
Products (29)
linux/Kernel 2.6.35 - 4.19.316linux
linux/Kernel 4.20.0 - 5.4.278linux
linux/Kernel 5.11.0 - 5.15.161linux
linux/Kernel 5.16.0 - 6.1.94linux
linux/Kernel 5.5.0 - 5.10.219linux
linux/Kernel 6.2.0 - 6.6.33linux
linux/Kernel 6.7.0 - 6.8.12linux
linux/Kernel 6.9.0 - 6.9.3linux
Linux/Linux < 2.6.35
Linux/Linux 2.6.35
... and 19 more
Published Jun 19, 2024
Tracked Since Feb 18, 2026