Kernel: use-after-free while changing the mount option in __ext4_remount leading
CVE-2024-0775

7.1HIGH

Key Information:

Vendor: Red Hat
Status: Kernel; kernel; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7
Vendor: CVE Published:; 22 January 2024

Summary

A use-after-free vulnerability exists in the ext4 file system within the Linux kernel. This flaw occurs due to improper handling of old quota file names, which can lead to inactive memory being accessed during a failure condition. A local user could exploit this issue to potentially leak sensitive information or impact system stability through unintended access to freed memory regions. The vulnerability resides specifically in the __ext4_remount function located in fs/ext4/super.c, making it crucial for system administrators to monitor and patch affected systems promptly to mitigate risks.

Affected Version(s)

Kernel 6.4-rc2

References

https://access.redhat.com/security/cve/CVE-2024-0775

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2259414

issue-trackingx_refsource_REDHAT

https://scm.linefinity.com/common/linux-stable/commit/4c0...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 22, 2024
Vulnerability Reserved
Jan 21, 2024

Collectors

NVD DatabaseMitre Database