PT-2024-29230 · Linux+5 · Linux Kernel+5

Hou Tao · Published 2024-06-28 · Updated 2025-02-03 · CVE-2024-41051

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is a use-after-free in the Linux kernel's cachefiles code: the ondemand_object_worker() function can run after the object has been freed. The problem occurs when the cachefiles object is not pinned: it may then be freed when a pending read request is completed and the related erofs is umounted.

Technical details about exploitation include:
  • The cachefiles_ondemand_send_req() function sends a read request.
  • The cachefiles_ondemand_fd_release() function closes the ondemand fd and sets the object as CLOSE.
  • The cachefiles_ondemand_daemon_read() function sets the object as REOPENING and queues the ondemand_object_worker() function.
  • The queue_work(fscache_wq, &info->ondemand_work) call queues the work for the ondemand object worker.
  • The cachefiles_put_object() function frees the object.
  • The kmem_cache_free(object) call frees the object's memory.
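
The ordering listed above, replayed in a single-threaded userspace C model (an added example, not kernel code and not the upstream fix). The struct, the freed flag and the pin parameter are assumptions: pin models holding a reference for the queued work, following the description's statement that the object is not pinned.

```c
#include <stdbool.h>

/* Userspace model of the object lifetime, constructed for illustration. */
enum state { OPEN, CLOSE, REOPENING };
struct object {
    int refs;        /* reference count */
    bool freed;      /* stands in for kmem_cache_free(object) */
    enum state st;
};

static void put_object(struct object *o)
{
    if (--o->refs == 0)
        o->freed = true;  /* flag only, so the model can still inspect it */
}

/* Daemon read path: CLOSE -> REOPENING, then "queue" the worker.
 * pin == true takes a reference for the queued work (assumed mitigation). */
static void daemon_read(struct object *o, bool pin)
{
    if (o->st != CLOSE)
        return;
    o->st = REOPENING;
    if (pin)
        o->refs++;
}

/* Worker body: returns true when it runs against an already freed object. */
static bool run_worker(struct object *o, bool pin)
{
    if (o->freed)
        return true;
    o->st = OPEN;
    if (pin)
        put_object(o);  /* drop the reference held for the work */
    return false;
}

/* Replays the ordering above; true means the worker saw freed memory. */
bool replay(bool pin)
{
    struct object o = { .refs = 1, .st = OPEN };
    o.st = CLOSE;          /* ondemand fd released */
    daemon_read(&o, pin);  /* worker queued but not yet run */
    put_object(&o);        /* pending read completes, erofs umounted */
    return run_worker(&o, pin);
}

int main(void) { return (replay(false) && !replay(true)) ? 0 : 1; }
```

Without the pin, the last put happens between queueing and running the worker, so the worker runs against a freed object; with the pin, the object stays alive until the worker drops its own reference.
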
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2025-01571
CVE-2024-41051
DLA-4008-1
MGASA-2024-0277
MGASA-2024-0278
OESA-2024-2076
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3383-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7089-1
USN-7089-2
USN-7089-3
USN-7089-4
USN-7089-5
USN-7089-6
USN-7089-7
USN-7090-1
USN-7095-1
USN-7156-1

Affected Products

Astra Linux
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu