mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
CVE-2024-49960
Description
In the Linux kernel, the following vulnerability has been resolved:

ext4: fix timer use-after-free on failed mount

Syzbot has found an ODEBUG bug in ext4_fill_super.

The del_timer_sync function cancels the s_err_report timer, which reminds about filesystem errors daily. We should guarantee the timer is no longer active before kfree(sbi).

When filesystem mounting fails, the flow goes to failed_mount3, where an error occurs when ext4_stop_mmpd is called, causing a read I/O failure. This triggers the ext4_handle_error function that ultimately re-arms the timer, leaving the s_err_report timer active before kfree(sbi) is called.

Fix the issue by canceling the s_err_report timer after calling ext4_stop_mmpd.
POC
Reference
No PoCs from references.