PT-2024-3787 · Linux+3 · Linux Kernel+3

Rongrong

·

Published

2024-01-18

·

Updated

2024-12-12

·

CVE-2024-26616

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version
Description The vulnerability is related to a use-after-free issue in the btrfs file system when the chunk length is not 64K aligned. This can lead to various problems, including "unable to find chunk map" errors and crashes. The issue occurs when the scrub submit initial read() function expects the endio function to be called only once, but it is called multiple times, causing the bbio::bio to be freed prematurely.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2024-04140
CVE-2024-26616
USN-6765-1
USN-6818-1
USN-6818-2
USN-6818-3
USN-6818-4
USN-6819-1
USN-6819-2
USN-6819-3
USN-6819-4

Affected Products

Linuxmint
Linux Kernel
Red Os
Ubuntu