Updated: 2024-11-17 21:32:45.492173
Description:
In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount Syzbot has found an ODEBUG bug in ext4_fill_super The del_timer_sync function cancels the s_err_report timer, which reminds about filesystem errors daily. We should guarantee the timer is no longer active before kfree(sbi). When filesystem mounting fails, the flow goes to failed_mount3, where an error occurs when ext4_stop_mmpd is called, causing a read I/O failure. This triggers the ext4_handle_error function that ultimately re-arms the timer, leaving the s_err_report timer active before kfree(sbi) is called. Fix the issue by canceling the s_err_report timer after calling ext4_stop_mmpd.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | HIGH | 7.8 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.8 | HIGH | Released | CLSA-2024:1731933167 | 2024-11-18 16:31:27 | |
AlmaLinux 9.2 FIPS | kernel | 5.14.0 | 7.8 | HIGH | Released | CLSA-2024:1731956568 | 2024-11-18 16:31:28 | |
CentOS 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | 2024-11-27 11:57:46 | ||
CentOS 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Released | CLSA-2024:1731348593 | 2024-11-26 11:59:25 | |
CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | In Testing | CLSA-2024:1731430561 | 2024-11-13 12:23:09 | |
CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2024:1731431059 | 2024-11-12 13:30:31 | |
CentOS Stream 8 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2024:1731431756 | 2024-11-12 13:30:30 | |
CloudLinux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | 2024-11-27 11:57:46 | ||
CloudLinux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Needs Triage | 2024-11-04 13:18:23 | ||
Oracle Linux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | 2024-11-27 11:57:45 |