CVE-2024-49889
ext4: avoid use-after-free in ext4_ext_show_leaf()
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid use-after-free in ext4_ext_show_leaf()
In ext4_find_extent(), path may be freed by error or be reallocated, so
using a previously saved *ppath may have been freed and thus may trigger
use-after-free, as follows:
ext4_split_extent
  path = *ppath;
  ext4_split_extent_at(ppath)
    path = ext4_find_extent(ppath)
  ext4_split_extent_at(ppath)
    // ext4_find_extent fails to free path
    // but zeroout succeeds
  ext4_ext_show_leaf(inode, path)
    eh = path[depth].p_hdr
    // path use-after-free !!!
Similar to ext4_split_extent_at(), we use *ppath directly as an input to
ext4_ext_show_leaf(). Fix a spelling error by the way.
Same problem in ext4_ext_handle_unwritten_extents(). Since 'path' is only
used in ext4_ext_show_leaf(), remove 'path' and use *ppath directly.
This issue is triggered only when EXT_DEBUG is defined and therefore does
not affect functionality.
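The stale-pointer pattern described above, as a user-space C model added here for illustration (not kernel code and not part of the patch). A static pool with a `live` flag stands in for kmalloc/kfree so the released object can be inspected safely; `pool`, `path_alloc`, `path_free`, `find_extent`, `show_leaf`, `split_extent_stale` and `split_extent_fixed` are assumed names for this model.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed model: objects are never really freed, only marked dead,
 * so reading a "freed" path here is well-defined and detectable. */
struct ext_path { int live; int p_hdr; };
static struct ext_path pool[16];
static size_t next_slot;

static struct ext_path *path_alloc(int hdr) {
    struct ext_path *p = &pool[next_slot++ % 16];
    p->live = 1;
    p->p_hdr = hdr;
    return p;
}
static void path_free(struct ext_path *p) { if (p) p->live = 0; }

/* Models ext4_find_extent(ppath): the old path is released, then either
 * a new one is installed or, on error, *ppath is left NULL. */
static int find_extent(struct ext_path **ppath, int fail) {
    path_free(*ppath);
    *ppath = fail ? NULL : path_alloc(42);
    return fail ? -1 : 0;
}

/* Models ext4_ext_show_leaf(): returns the header value, or -1 when given
 * NULL or a released path (the access that would be a use-after-free). */
static int show_leaf(const struct ext_path *path) {
    if (!path || !path->live) return -1;
    return path->p_hdr;
}

/* Before the fix: 'path' is saved once and reused after the callee ran. */
static int split_extent_stale(struct ext_path **ppath, int fail) {
    struct ext_path *path = *ppath;
    find_extent(ppath, fail);
    return show_leaf(path);   /* stale copy of *ppath */
}

/* After the fix: no saved copy, *ppath is read after the callee ran. */
static int split_extent_fixed(struct ext_path **ppath, int fail) {
    find_extent(ppath, fail);
    return show_leaf(*ppath);
}

int main(void) {
    struct ext_path *a = path_alloc(7), *b = path_alloc(7);
    printf("stale: %d\n", split_extent_stale(&a, 0));
    printf("fixed: %d\n", split_extent_fixed(&b, 0));
    return 0;
}
```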
Affected products
Linux · Linux
References
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
https://cert-portal.siemens.com/productcert/html/ssa-355557.html
https://git.kernel.org/stable/c/2eba3b0cc5b8de624918d21f32b5b8db59a90b39
https://git.kernel.org/stable/c/34b2096380ba475771971a778a478661a791aa15
https://git.kernel.org/stable/c/4999fed877bb64e3e7f9ab9996de2ca983c41928
https://git.kernel.org/stable/c/4e2524ba2ca5f54bdbb9e5153bea00421ef653f5
https://git.kernel.org/stable/c/8b114f2cc7dd5d36729d040b68432fbd0f0a8868
https://git.kernel.org/stable/c/b0cb4561fc4284d04e69c8a66c8504928ab2484e
https://git.kernel.org/stable/c/d483c7cc1796bd6a80e7b3a8fd494996260f6b67
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html