CVE-2024-49960
HIGH
Linux Kernel - Use-After-Free in ext4 Filesystem Mount Failure Handling
Title source: llm
Description
In the Linux kernel, the following vulnerability has been resolved:

ext4: fix timer use-after-free on failed mount

Syzbot has found an ODEBUG bug in ext4_fill_super.

The del_timer_sync function cancels the s_err_report timer, which reminds about filesystem errors daily. We should guarantee the timer is no longer active before kfree(sbi).

When filesystem mounting fails, the flow goes to failed_mount3, where an error occurs when ext4_stop_mmpd is called, causing a read I/O failure. This triggers the ext4_handle_error function that ultimately re-arms the timer, leaving the s_err_report timer active before kfree(sbi) is called.

Fix the issue by canceling the s_err_report timer after calling ext4_stop_mmpd.
Scores
CVSS v3: 7.8
EPSS: 0.0027
EPSS Percentile: 18.6%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-416
Status: published
Products (29)
debian/debian_linux: 11.0
linux/Kernel: < 5.10.237 (linux)
linux/Kernel: 5.11.0 - 5.15.181 (linux)
linux/Kernel: 5.14.0 - 6.1.118 (linux)
linux/Kernel: 5.16.0 - 6.6.55 (linux)
linux/Kernel: 6.2.0 - 6.10.14 (linux)
linux/Kernel: 6.7.0 - 6.11.3 (linux)
Linux/Linux: < 5.14
Linux/Linux: 5.10.237 - 5.10.*
Linux/Linux: 5.10.51 - 5.10.237
... and 19 more
Published: Oct 21, 2024
Tracked Since: Feb 18, 2026