PT-2024-6850 · Linux+4 · Linux Kernel+4
Syzbot · Published 2024-05-31 · Updated 2026-03-14 · CVE-2024-44941
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.50
Description
The vulnerability is related to a use-after-free issue in the `sanity_check_extent_cache()` function, which can be exploited to impact the confidentiality, integrity, and availability of protected information. The issue arises from a race condition where the `sanity_check_extent_cache()` function is called without proper locking, allowing an attacker to access memory that has already been freed. This can occur when the `f2fs_iget()` function is called, followed by `do_read_inode()`, `f2fs_init_read_extent_tree()`, and `sanity_check_extent_cache()`. To fix this issue, the `sanity_check_extent_cache()` function should be refactored to avoid extent cache access and called before `f2fs_init_read_extent_tree()`.
Recommendations
To resolve the issue, update the Linux kernel to version 6.6.50 or later. As a temporary workaround, consider disabling the `sanity_check_extent_cache()` function until a patch is available. However, this may have unintended consequences and should be carefully evaluated before implementation.
Exploit
Fix
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Debian
Linuxmint
Linux Kernel
Ubuntu