PT-2024-3374 · Linux+2 · Linux Kernel+2

Syzbot

Published

2024-03-14

Updated

2024-12-26

CVE-2024-27070

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.7.0

Description: The issue is related to a use-after-free problem in the f2fs filemap fault() function. This occurs because vmf->vma may not be alive after filemap fault(), potentially causing a use-after-free issue when accessing vmf->vma->vm flags in trace f2fs filemap fault(). To resolve this, it is necessary to keep vm flags in a separate temporary variable for tracepoint use.

Recommendations: To resolve the issue, update the Linux kernel to a version that includes the fix for the use-after-free issue in f2fs filemap fault(). As a temporary workaround, consider disabling the f2fs filemap fault() function until a patch is available. However, this may have significant performance implications and should be carefully considered before implementation.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2024-03646

CVE-2024-27070

USN-6816-1

USN-6817-1

USN-6817-2

USN-6817-3

USN-6878-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

PT-2024-3374 · Linux+2 · Linux Kernel+2

CVE-2024-27070

Weakness Enumeration

Related Identifiers

Affected Products

References · 249