CVE-2024-49889

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58

Description: The issue is related to a use-after-free vulnerability in the ext4 file system, specifically in the ext4 ext show leaf() function. This vulnerability can be triggered when EXT DEBUG is defined, but it does not affect the functionality of the system. The problem arises when the path variable is freed by error or reallocated in ext4 find extent(), and then used again in ext4 ext show leaf(), potentially leading to a use-after-free condition. The vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations: For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the EXT DEBUG definition to prevent the vulnerability from being triggered. Additionally, restrict access to the ext4 ext show leaf() function and related components to minimize the risk of exploitation.