1.7 KiB
CVE-2024-49983
Description
In the Linux kernel, the following vulnerability has been resolved:ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-freeWhen calling ext4_force_split_extent_at() in ext4_ext_replay_update_ex(),the 'ppath' is updated but it is the 'path' that is freed, thus potentiallytriggering a double-free in the following process:ext4_ext_replay_update_ex ppath = path ext4_force_split_extent_at(&ppath) ext4_split_extent_at ext4_ext_insert_extent ext4_ext_create_new_leaf ext4_ext_grow_indepth ext4_find_extent if (depth > path[0].p_maxdepth) kfree(path) ---> path First freed *orig_path = path = NULL ---> null ppath kfree(path) ---> path double-free !!!So drop the unnecessary ppath and use path directly to avoid this problem.And use ext4_find_extent() directly to update path, avoiding unnecessarymemory allocation and freeing. Also, propagate the error returned byext4_find_extent() instead of using strange error codes.
POC
Reference
No PoCs from references.