PT-2024-32754 · Linux+8 · Linux Kernel+8

Published

2024-09-02

·

Updated

2025-11-18

·

CVE-2024-47706

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58
Description The issue is related to a possible use-after-free (UAF) vulnerability in the block, bfq (Budget Fair Queueing) module of the Linux kernel. This vulnerability can occur when a process attempts to access a merged bfqq (block fair queueing queue) after it has been freed. The problem arises from the current code's failure to correctly handle the merge chain, leading to a situation where a bfqq is thought to be owned by a BIC (Block IO Controller) when it is not. This can result in a UAF error when the bfqq is accessed after being freed.
Technical details about exploitation include:
  • The bfq insert request function is involved in the vulnerability, specifically when it attempts to get a bfqq from a BIC and then handle IO by the bfqq.
  • The bfqq->bic variable is set incorrectly, leading to the UAF issue.
  • The bfq do early stable merge and bfq do or sched stable merge functions are also implicated in the vulnerability.
Recommendations
  • Update the Linux kernel to version 6.6.58 or later to fix the vulnerability.
  • As a temporary workaround, consider disabling the bfq module until a patch is available.
  • Restrict access to the vulnerable bfq module to minimize the risk of exploitation.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-14046
ALT-PU-2024-14268
ALT-PU-2024-14270
ALT-PU-2024-14503
ALT-PU-2024-15739
ALT-PU-2024-16172
AZL-51108
AZL-51234
BDU:2025-03289
CVE-2024-47706
DLA-4008-1
DLA-4075-1
INFSA-2025_6966
MGASA-2024-0344
MGASA-2024-0345
OESA-2024-2522
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_3983-1
OPENSUSE-SU-2024_3984-1
OPENSUSE-SU-2024_3985-1
OPENSUSE-SU-2024_3986-1
OPENSUSE-SU-2024_4131-1
OPENSUSE-SU-2024_4140-1
OPENSUSE-SU-2025:14705-1
RHSA-2025:6966
RHSA-2025_6966
SUSE-SU-2024:3983-1
SUSE-SU-2024:3984-1
SUSE-SU-2024:3985-1
SUSE-SU-2024:3986-1
SUSE-SU-2024:4081-1
SUSE-SU-2024:4082-1
SUSE-SU-2024:4100-1
SUSE-SU-2024:4103-1
SUSE-SU-2024:4131-1
SUSE-SU-2024:4140-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4364-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:0034-1
SUSE-SU-2025:03097-1
SUSE-SU-2025:03108-1
SUSE-SU-2025:03124-1
SUSE-SU-2025:03130-1
SUSE-SU-2025:03135-1
SUSE-SU-2025:03156-1
SUSE-SU-2025:03175-1
SUSE-SU-2025:03181-1
SUSE-SU-2025:03186-1
SUSE-SU-2025:03190-1
SUSE-SU-2025:03191-1
SUSE-SU-2025:03209-1
SUSE-SU-2025:03223-1
SUSE-SU-2025:03226-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
SUSE-SU-2025:20698-1
SUSE-SU-2025:20703-1
SUSE-SU-2025:20711-1
SUSE-SU-2025:20714-1
SUSE-SU-2025:20766-1
SUSE-SU-2025:20782-1
SUSE-SU-2025:4123-1
USN-7166-1
USN-7166-2
USN-7166-3
USN-7166-4
USN-7186-1
USN-7186-2
USN-7194-1
USN-7276-1
USN-7277-1
USN-7293-1
USN-7294-1
USN-7294-2
USN-7294-3
USN-7294-4
USN-7295-1
USN-7301-1
USN-7303-1
USN-7303-2
USN-7303-3
USN-7304-1
USN-7310-1
USN-7311-1
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7393-1
USN-7401-1
USN-7403-1
USN-7413-1
USN-7468-1
USN-7539-1
USN-7540-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu