CVE-2024-53182

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0

Description A slab-use-after-free issue has been identified in the Linux kernel. The issue arises from the association of the bic with sync bfqq and the inability to put bfq release process ref into bfq put cooperator. This results in a use-after-free error, as reported by the kasan tool. The error occurs in the bic set bfqq function and is triggered by a read operation of size 8 at a specific memory address. The issue affects the Linux kernel and is related to the block, bfq module.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for this issue. As a temporary workaround, consider disabling the bfq release process ref function until a patch is available. Restrict access to the vulnerable bic set bfqq function to minimize the risk of exploitation. Avoid using the bfq put cooperator function in conjunction with bfq release process ref until the issue is resolved.