First published: Sun Jan 21 2024
A use-after-free flaw was found in the __ext4_remount function in fs/ext4/super.c in ext4 in the Linux kernel. The old quota file names are freed before a potential failure, leading to a use-after-free that allows a local user to cause an information leak.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/Kernel | <6.4 | 6.4 |
Linux kernel | <6.4 | |
Linux kernel | =6.4-rc1 | |
Red Hat Enterprise Linux | =9.0 | |
debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
https://scm.linefinity.com/common/linux-stable/commit/4c0b4818b1f636bc96359f7817a2d8bab6370162
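The ordering problem described above (old quota file names released before a later remount step can still fail, then put back by error recovery), shown as an added user-space C model; it is not the kernel's code or the referenced patch. The pool, the handles, and the function names (`remount_model`, `dangling_names`, `stale_after_failed_remount`) are hypothetical stand-ins, and the file names are constructed samples.

```c
#include <stdio.h>
#include <string.h>
#define MAXQUOTAS 3
#define POOL 16

/* Constructed model: names are pool entries referenced by handle, never raw pointers. */
struct name { char text[32]; int live; };
static struct name pool[POOL];
static int pool_used;
struct sb_model { int qf[MAXQUOTAS]; };   /* handle per quota type, -1 = unset */
static int name_alloc(const char *s) {
    if (pool_used >= POOL) return -1;
    strncpy(pool[pool_used].text, s, sizeof pool[0].text - 1);
    pool[pool_used].live = 1;
    return pool_used++;
}
static void name_free(int h) { if (h >= 0) pool[h].live = 0; }
/* Count names the model still references although they were freed. */
int dangling_names(const struct sb_model *sb) {
    int n = 0;
    for (int i = 0; i < MAXQUOTAS; i++) n += sb->qf[i] >= 0 && !pool[sb->qf[i]].live;
    return n;
}

/* free_early=1: flawed order; fail_late=1: a later remount step fails. Returns 0 or -1. */
int remount_model(struct sb_model *sb, const char *new_name, int free_early, int fail_late) {
    int old[MAXQUOTAS];
    memcpy(old, sb->qf, sizeof old);      /* saved for error recovery */
    sb->qf[0] = name_alloc(new_name);     /* apply the new option */
    if (free_early) name_free(old[0]);    /* flaw: freed while failure is still possible */
    if (fail_late) {
        name_free(sb->qf[0]);             /* discard the new name */
        memcpy(sb->qf, old, sizeof old);  /* restore the old options */
        return -1;
    }
    if (!free_early) name_free(old[0]);   /* fix: free only after the last failure point */
    return 0;
}

/* One old name, one failing remount, then count stale references. */
int stale_after_failed_remount(int free_early) {
    struct sb_model sb = { { name_alloc("aquota.user"), -1, -1 } };
    remount_model(&sb, "aquota.user.new", free_early, 1);
    return dangling_names(&sb);
}

int main(void) {
    printf("stale: flawed %d, fixed %d\n", stale_after_failed_remount(1), stale_after_failed_remount(0));
    return 0;
}
```

With the early free, the failed remount leaves the restored options referencing a released name; deferring the free until no step can fail leaves none.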
CVE-2024-0775 is classified as a moderate severity vulnerability due to its potential for information leak.
To fix CVE-2024-0775, update the Linux kernel to version 6.4 or higher, or apply the specified patches for affected versions.
CVE-2024-0775 affects local users running specific versions of the Linux kernel, particularly prior to version 6.4.
Systems running the ext4 filesystem in affected versions of the Linux kernel are vulnerable to CVE-2024-0775.
CVE-2024-0775 is a local vulnerability and does not allow for remote exploitation by adversaries.