PT-2024-6605 · Linux+10 · Linux Kernel+10

Andreas Gruenbacher · Published 2024-04-24 · Updated 2026-03-14 · CVE-2024-38570

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is a potential glock use-after-free on unmount in the gfs2 filesystem. When a DLM lockspace is released while locks still exist in it, DLM unlocks those locks automatically. However, this behavior did not take into account the bast callbacks for asynchronous lock contention notifications, which remain active until a lock is unlocked or its lockspace is released. To prevent those callbacks from accessing deallocated objects, the glocks that should not be unlocked are put on the sd_dead_glocks list, the lockspace is released, and only then are those glocks freed. As an additional measure, unexpected ast and bast callbacks are ignored if the receiving glock is dead.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
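
The ordering in the description (park the glocks on a dead list, release the lockspace, free last, and ignore callbacks that reach a dead glock) can be modelled in userspace. This is an added example, not kernel code or code from the fix; every struct and function name in it is hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
/* Userspace model only: all names are hypothetical, not the gfs2 or DLM API. */
struct glock { bool dead; int basts_handled; struct glock *next_dead; };
struct lockspace { struct glock *locks[8]; size_t nlocks; };
struct superblock { struct lockspace ls; struct glock *dead_glocks; };
struct result { int late_basts_handled; int freed; };

/* Contention callback: does nothing once the receiving glock is marked dead. */
static bool bast_callback(struct glock *gl) {
    if (gl->dead)
        return false;
    gl->basts_handled++;
    return true;
}

/* Model of lockspace release: a callback may still arrive for every lock
 * that is outstanding, so each glock must still be allocated here. */
static int release_lockspace(struct lockspace *ls) {
    int handled = 0;
    for (size_t i = 0; i < ls->nlocks; i++)
        handled += bast_callback(ls->locks[i]);
    ls->nlocks = 0;
    return handled;
}

/* Unmount ordering from the description: park, release, then free. */
static struct result unmount_model(size_t n) {
    struct superblock sd = {0};
    struct result r = {0, 0};
    for (size_t i = 0; i < n && i < 8; i++) {
        struct glock *gl = calloc(1, sizeof(*gl));
        if (!gl) break;
        sd.ls.locks[sd.ls.nlocks++] = gl;
    }
    for (size_t i = 0; i < sd.ls.nlocks; i++) {       /* 1. park on dead list */
        sd.ls.locks[i]->dead = true;
        sd.ls.locks[i]->next_dead = sd.dead_glocks;
        sd.dead_glocks = sd.ls.locks[i];
    }
    r.late_basts_handled = release_lockspace(&sd.ls); /* 2. release lockspace */
    while (sd.dead_glocks) {                          /* 3. free only now */
        struct glock *gl = sd.dead_glocks;
        sd.dead_glocks = gl->next_dead;
        free(gl); r.freed++;
    }
    return r;
}
```

Swapping steps 2 and 3 in `unmount_model` makes `release_lockspace` dereference freed memory, which is the failure the description refers to.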

Exploit

Use After Free


Weakness Enumeration

Related Identifiers

ALSA-2024:6997
ALSA-2024:7000
ALSA-2024:7001
ALSA-2025_16880
ALT-PU-2024-10855
ALT-PU-2024-13979
ALT-PU-2024-14046
BDU:2024-07757
CESA-2024_7000
CESA-2024_7001
CVE-2024-38570
ECHO-2BDC-075D-C76B
INFSA-2024_6997
INFSA-2024_7000
INFSA-2024_7001
MGASA-2024-0263
MGASA-2024-0266
OESA-2024-1860
OESA-2024-1861
OESA-2024-1863
OPENSUSE-SU-2024_2947-1
RHSA-2024:5692
RHSA-2024:6206
RHSA-2024:6267
RHSA-2024:6268
RHSA-2024:6997
RHSA-2024:7000
RHSA-2024:7001
RHSA-2024_6997
RHSA-2024_7000
RHSA-2024_7001
RLSA-2024:7001
SUSE-SU-2024:2571-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2947-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6949-1
USN-6949-2
USN-6952-1
USN-6952-2
USN-6955-1
USN-7021-1
USN-7021-2
USN-7021-3
USN-7021-4
USN-7021-5
USN-7022-1
USN-7022-2
USN-7022-3
USN-7028-1
USN-7028-2
USN-7039-1
USN-7119-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu