CVE-2024-49882

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58

Description: The issue is related to the ext4 file system in the Linux kernel, where a vulnerability in the ext4 ext try to merge up() function can cause a double release of a buffer, potentially leading to memory corruption and other issues. This can occur when the function is called with a specific set of circumstances, such as when the path->p depth is 0 and the ext4 split extent at function is called. The vulnerability can be triggered by a series of events, including the ext4 ext map blocks, ext4 ext handle unwritten extents, and ext4 split convert extents functions. The estimated number of potentially affected devices is not specified.

Recommendations: For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable ext4 file system until a patch is available. Avoid using the path[1].p bh variable in the affected API endpoint until the issue is resolved.