Slab Use-After-Free Vulnerability in Linux Kernel's OCFS2 Management
CVE-2024-57892

7.8 HIGH

Key Information:

Vendor
Linux
Status
Vendor
CVE Published:
15 January 2025

Summary

A slab use-after-free vulnerability exists in the Linux kernel's OCFS2 file system code and is tied to the remount path. It occurs when a user invokes a syscall to quota_getnextquota after mounting OCFS2 and subsequently remounting it as read-only. The root cause is the dangling pointer dqi_priv: the memory it points to is freed during remounting, but the pointer itself is not set to NULL. The stale pointer therefore remains accessible and can be dereferenced after the free, potentially leading to undefined behavior and system stability issues. The fix sets dqi_priv to NULL when it is freed and adds a check for the DQUOT_SUSPENDED flag during the quota retrieval operation.
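The pattern behind the fix, as an added userspace example (not the kernel's code): the struct, the function names, the flag values and the error codes are hypothetical stand-ins, and only dqi_priv and the idea of a suspended check come from the summary above.

```c
#include <errno.h>
#include <stdlib.h>

/* Constructed flag bits; stand-ins for the kernel's quota state flags. */
#define M_USAGE_ENABLED 0x1u
#define M_SUSPENDED     0x2u
struct model_priv { unsigned int next_id; };  /* data behind dqi_priv */
struct model_info { unsigned int flags; struct model_priv *dqi_priv; };

/* Mount: allocate the private data and mark quota as usable. */
static int model_enable(struct model_info *mi)
{
    mi->dqi_priv = calloc(1, sizeof(*mi->dqi_priv));
    if (!mi->dqi_priv)
        return -ENOMEM;
    mi->dqi_priv->next_id = 1000;             /* constructed sample value */
    mi->flags = M_USAGE_ENABLED;
    return 0;
}

/* Read-only remount, fixed form: free, then clear the pointer. */
static void model_suspend_fixed(struct model_info *mi)
{
    free(mi->dqi_priv);
    mi->dqi_priv = NULL;     /* the pre-fix pattern stopped after free() */
    mi->flags |= M_SUSPENDED;
}

/* Next-quota lookup, fixed form: refuse while quota is suspended. */
static int model_get_next_id(const struct model_info *mi, unsigned int *id)
{
    if (!(mi->flags & M_USAGE_ENABLED) || (mi->flags & M_SUSPENDED))
        return -ESRCH;       /* never reaches dqi_priv in this state */
    if (!mi->dqi_priv)
        return -EIO;         /* a NULL is detectable, a stale pointer is not */
    *id = mi->dqi_priv->next_id;
    return 0;
}

int main(void)
{
    struct model_info mi = {0};
    unsigned int id = 0;
    if (model_enable(&mi) || model_get_next_id(&mi, &id))
        return 1;
    model_suspend_fixed(&mi);
    return model_get_next_id(&mi, &id) == -ESRCH ? 0 : 1;
}
```

The two changes are independent layers: clearing the pointer turns a silent use of freed memory into a detectable NULL, and the flag check keeps the lookup from reaching the pointer at all while quota is suspended.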

Affected Version(s)

Linux 8f9e8f5fcc059a3cba87ce837c88316797ef3645 < 58f9e20e2a7602e1dd649a1ec4790077c251cb6c

Linux 8f9e8f5fcc059a3cba87ce837c88316797ef3645 < 8ff6f635a08c30559ded0c110c7ce03ba7747d11

Linux 8f9e8f5fcc059a3cba87ce837c88316797ef3645

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
