CVE-2024-57892

Feb. 13, 2025, 2:16 p.m.

7.8
High

Description

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv When mounting ocfs2 and then remounting it as read-only, a slab-use-after-free occurs after the user uses a syscall to quota_getnextquota. Specifically, sb_dqinfo(sb, type)->dqi_priv is the dangling pointer. During the remounting process, the pointer dqi_priv is freed but is never set as null leaving it to be accessed. Additionally, the read-only option for remounting sets the DQUOT_SUSPENDED flag instead of setting the DQUOT_USAGE_ENABLED flags. Moreover, later in the process of getting the next quota, the function ocfs2_get_next_id is called and only checks the quota usage flags and not the quota suspended flags. To fix this, I set dqi_priv to null when it is freed after remounting with read-only and put a check for DQUOT_SUSPENDED in ocfs2_get_next_id. [akpm@linux-foundation.org: coding-style cleanups]

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *, 6.13

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-416
Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel 6.13 rc1 / / / / / /
o linux linux_kernel 6.13 rc2 / / / / / /
o linux linux_kernel 6.13 rc3 / / / / / /
o linux linux_kernel 6.13 rc4 / / / / / /
o linux linux_kernel 6.13 rc5 / / / / / /

References

https://git.kernel.org/stable/c/2d431192486367eee03cc28d0b53b97dafcb8e63
https://git.kernel.org/stable/c/2e3d203b1adede46bbba049e497765d67865be18
https://git.kernel.org/stable/c/58f9e20e2a7602e1dd649a1ec4790077c251cb6c
https://git.kernel.org/stable/c/5f3fd772d152229d94602bca243fbb658068a597
https://git.kernel.org/stable/c/8ff6f635a08c30559ded0c110c7ce03ba7747d11
https://git.kernel.org/stable/c/ba950a02d8d23811aa1120affd3adedcfac6153d
https://git.kernel.org/stable/c/f44e6d70c100614c211703f065cad448050e4a0e

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-416
2025-01-15
CVE-2024-57892

CVSS Score

7.8 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Jan. 15, 2025, 1:15 p.m.
Last Modified: Feb. 13, 2025, 2:16 p.m.

Status : Modified

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.