mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
2.1 KiB
2.1 KiB
CVE-2024-49854
Description
In the Linux kernel, the following vulnerability has been resolved:block, bfq: fix uaf for accessing waker_bfqq after splittingAfter commit 42c306ed7233 ("block, bfq: don't break merge chain inbfq_split_bfqq()"), if the current procress is the last holder of bfqq,the bfqq can be freed after bfq_split_bfqq(). Hence recored the bfqq andthen access bfqq->waker_bfqq may trigger UAF. What's more, the waker_bfqqmay in the merge chain of bfqq, hence just recored waker_bfqq is stillnot safe.Fix the problem by adding a helper bfq_waker_bfqq() to check ifbfqq->waker_bfqq is in the merge chain, and current procress is the onlyholder.
POC
Reference
No PoCs from references.