CVE-2024-49966

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58

Description: The issue is related to the ocfs2 file system in the Linux kernel. Specifically, the ocfs2 global read info() function initializes and schedules dqi sync work at the end. If an error occurs after successfully reading the global quota, it triggers a warning with CONFIG DEBUG OBJECTS * enabled, indicating an active delayed work when freeing oinfo in error handling. To resolve this, dqi sync work should be canceled first. Additionally, the return status should be used instead of -1 when .read file info fails.

Recommendations: For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the qsync work fn function until a patch is available. Restrict access to the ocfs2 file system to minimize the risk of exploitation. Avoid using the oinfo object in error handling until the issue is resolved.