CVE-2024-42314

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-42314
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix extent map use-after-free when adding pages to compressed bio At add_ra_bio_pages() we are accessing the extent map to calculate 'add_size' after we dropped our reference on the extent map, resulting in a use-after-free. Fix this by computing 'add_size' before dropping our extent map reference.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/8e7860543a94784d744c7ce34b78a2e11beefa5c Patch
https://git.kernel.org/stable/c/b7859ff398b6b656e1689daa860eb34837b4bb89 Patch
https://git.kernel.org/stable/c/c1cc3326e27b0bd7a2806b40bc48e49afaf951e7
https://git.kernel.org/stable/c/c205565e0f2f439f278a4a94ee97b67ef7b56ae8 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

04 Sep 2024, 12:15

Type Values Removed Values Added
References
  • () https://git.kernel.org/stable/c/c1cc3326e27b0bd7a2806b40bc48e49afaf951e7 -

22 Aug 2024, 15:50

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
First Time Linux
Linux linux Kernel
CWE CWE-416
References () https://git.kernel.org/stable/c/8e7860543a94784d744c7ce34b78a2e11beefa5c - () https://git.kernel.org/stable/c/8e7860543a94784d744c7ce34b78a2e11beefa5c - Patch
References () https://git.kernel.org/stable/c/b7859ff398b6b656e1689daa860eb34837b4bb89 - () https://git.kernel.org/stable/c/b7859ff398b6b656e1689daa860eb34837b4bb89 - Patch
References () https://git.kernel.org/stable/c/c205565e0f2f439f278a4a94ee97b67ef7b56ae8 - () https://git.kernel.org/stable/c/c205565e0f2f439f278a4a94ee97b67ef7b56ae8 - Patch
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8

19 Aug 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: corrige el use after free el mapa de extensión al agregar páginas a una biografía comprimida En add_ra_bio_pages() estamos accediendo al mapa de extensión para calcular 'add_size' después de que eliminamos nuestra referencia en el mapa de extensión, lo que resulta en un use-after-free. Solucione este problema calculando 'add_size' antes de eliminar nuestra referencia del mapa de extensión.

17 Aug 2024, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-17 09:15

Updated : 2024-09-04 12:15

NVD link : CVE-2024-42314

Mitre link : CVE-2024-42314

CVE.ORG link : CVE-2024-42314

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-416

Use After Free


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024