CVE-2024-49854: block, bfq: fix uaf for accessing waker_bfqq after splitting
First published: Mon Oct 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for accessing waker_bfqq after splitting After commit 42c306ed7233 ("block, bfq: don't break merge chain in bfq_split_bfqq()"), if the current procress is the last holder of bfqq, the bfqq can be freed after bfq_split_bfqq(). Hence recored the bfqq and then access bfqq->waker_bfqq may trigger UAF. What's more, the waker_bfqq may in the merge chain of bfqq, hence just recored waker_bfqq is still not safe. Fix the problem by adding a helper bfq_waker_bfqq() to check if bfqq->waker_bfqq is in the merge chain, and current procress is the only holder.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux kernel | >=5.10.227<5.15.168 | |
| Linux kernel | >=5.16<6.1.113 | |
| Linux kernel | >=6.2<6.6.54 | |
| Linux kernel | >=6.7<6.10.13 | |
| Linux kernel | >=6.11<6.11.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/63a07379fdb6c72450cb05294461c6016b8b7726
- https://git.kernel.org/stable/c/de0456460f2abf921e356ed2bd8da87a376680bd
- https://git.kernel.org/stable/c/0780451f03bf518bc032a7c584de8f92e2d39d7f
- https://git.kernel.org/stable/c/0b8bda0ff17156cd3f60944527c9d8c9f99f1583
- https://git.kernel.org/stable/c/cae58d19121a70329cf971359e2518c93fec04fe
- https://git.kernel.org/stable/c/1ba0403ac6447f2d63914fb760c44a3b19c44eaf
Frequently Asked Questions
What is the severity of CVE-2024-49854?
CVE-2024-49854 is classified as a security vulnerability in the Linux kernel due to a use-after-free error.
How do I fix CVE-2024-49854?
To resolve CVE-2024-49854, update the Linux kernel to a patched version that addresses this vulnerability.
Which versions of the Linux kernel are affected by CVE-2024-49854?
CVE-2024-49854 affects Linux kernel versions between 5.10.227 and 5.15.168, 5.16 and 6.1.113, 6.2 and 6.6.54, 6.7 and 6.10.13, and 6.11 and 6.11.2.
What impact does CVE-2024-49854 have on Linux systems?
The impact of CVE-2024-49854 includes potential system instability and security risks associated with the use-after-free condition.
Who can be exploited by CVE-2024-49854?
CVE-2024-49854 can potentially be exploited by local attackers to escalate privileges on affected Linux systems.
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/severity
- agent/remedy
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.10.227
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.11