Ojaswin Mujoo

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58 Description: The issue is related to a use-after-free vulnerability in the `ext4 ext insert extent()` function. This vulnerability can be exploited to impact the confidentiality, integrity, and availability of protected information. The vulnerability occurs when the path is reallocated in `ext4 ext create new leaf()`, causing a stale path to be used and resulting in a use-after-free error. Recommendations: To resolve the issue, update the Linux kernel to version 6.6.58 or later. As a temporary workaround, consider updating the path using `*ppath` to avoid the use-after-free error in the `ext4 ext insert extent()` function.