Updated: 2026-02-27 01:41:27.077962
Description:
In the Linux kernel, the following vulnerability has been resolved: ext4: fix possible UAF when remounting r/o a mmp-protected file system After commit 618f003199c6 ("ext4: fix memory leak in ext4_fill_super"), after the file system is remounted read-only, there is a race where the kmmpd thread can exit, causing sbi->s_mmp_tsk to point at freed memory, which the call to ext4_stop_mmpd() can trip over. Fix this by only allowing kmmpd() to exit when it is stopped via ext4_stop_mmpd(). Bug-Report-Link: <20210629143603.2166962-1-yebin10@huawei.com>
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | 2025-02-24 06:42:13 | Not affected: this UAF only exists in ext4’s MMP stop path introduced after commit 618f003199c6, w... | |
| CentOS 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Released | CLSA-2025:1762332910 | 2025-11-21 21:24:20 | |
| CloudLinux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | 2025-02-24 06:42:13 | ||
| Oracle Linux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | 2025-02-24 06:42:13 | Not affected: this UAF only exists in ext4’s MMP stop path introduced after commit 618f003199c6, w... | |
| Oracle Linux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Released | CLSA-2025:1762244592 | 2025-11-05 04:52:03 | |
| RHEL 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Released | CLSA-2025:1762244848 | 2025-11-05 15:42:52 | |
| Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 7.8 | HIGH | Released | CLSA-2025:1742321198 | 2025-03-18 23:45:02 | |
| Ubuntu 16.04 ELS | linux | 4.4.0 | 7.8 | HIGH | Released | CLSA-2025:1747430034 | 2025-05-18 05:12:13 | |
| Ubuntu 18.04 ELS | linux | 4.15.0 | 7.8 | HIGH | Released | CLSA-2025:1742319747 | 2025-03-20 05:17:09 |