CVE-2024-49889
Published: Oct 21, 2024
Modified: May 12, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid use-after-free in ext4_ext_show_leaf() In ext4_find_extent(), path may be freed by error or be reallocated, so using a previously saved *ppath may have been freed and thus may trigger use-after-free, as follows: ext4_split_extent path = *ppath; ext4_split_extent_at(ppath) path = ext4_find_extent(ppath) ext4_split_extent_at(ppath) // ext4_find_extent fails to free path // but zeroout succeeds ext4_ext_show_leaf(inode, path) eh = path[depth].p_hdr // path use-after-free !!! Similar to ext4_split_extent_at(), we use *ppath directly as an input to ext4_ext_show_leaf(). Fix a spelling error by the way. Same problem in ext4_ext_handle_unwritten_extents(). Since 'path' is only used in ext4_ext_show_leaf(), remove 'path' and use *ppath directly. This issue is triggered only when EXT_DEBUG is defined and therefore does not affect functionality.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected dfe5080939ea4686b3414b5d970a9b26733c57a4 - < b0cb4561fc4284d04e69c8a66c8504928ab2484eaffected dfe5080939ea4686b3414b5d970a9b26733c57a4 - < 4999fed877bb64e3e7f9ab9996de2ca983c41928affected dfe5080939ea4686b3414b5d970a9b26733c57a4 - < 2eba3b0cc5b8de624918d21f32b5b8db59a90b39affected dfe5080939ea4686b3414b5d970a9b26733c57a4 - < 34b2096380ba475771971a778a478661a791aa15affected dfe5080939ea4686b3414b5d970a9b26733c57a4 - < 8b114f2cc7dd5d36729d040b68432fbd0f0a8868+2 more versions |
Linux | Linux | affected 3.18unaffected 0 - < 3.18unaffected 5.10.227 - <= 5.10.*unaffected 5.15.168 - <= 5.15.*unaffected 6.1.113 - <= 6.1.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now