First published: Wed Jun 19 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and potential deadlock issue on unmount, and a potential freeze issue in event synchronization found during their analysis. Details are described in each commit log. This patch (of 3): A use-after-free issue has been reported regarding the timer sc_timer on the nilfs_sc_info structure. The problem is that even though it is used to wake up a sleeping log writer thread, sc_timer is not shut down until the nilfs_sc_info structure is about to be freed, and is used regardless of the thread's lifetime. Fix this issue by limiting the use of sc_timer only while the log writer thread is alive.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | >=2.6.35<4.19.316 | |
Linux Linux kernel | >=4.20<5.4.278 | |
Linux Linux kernel | >=5.5<5.10.219 | |
Linux Linux kernel | >=5.11<5.15.161 | |
Linux Linux kernel | >=5.16<6.1.94 | |
Linux Linux kernel | >=6.2<6.6.33 | |
Linux Linux kernel | >=6.7<6.8.12 | |
Linux Linux kernel | >=6.9<6.9.3 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.