CVE-2024-49854

block, bfq: fix uaf for accessing waker_bfqq after splitting

Description

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for accessing waker_bfqq after splitting After commit 42c306ed7233 ("block, bfq: don't break merge chain in bfq_split_bfqq()"), if the current procress is the last holder of bfqq, the bfqq can be freed after bfq_split_bfqq(). Hence recored the bfqq and then access bfqq->waker_bfqq may trigger UAF. What's more, the waker_bfqq may in the merge chain of bfqq, hence just recored waker_bfqq is still not safe. Fix the problem by adding a helper bfq_waker_bfqq() to check if bfqq->waker_bfqq is in the merge chain, and current procress is the only holder.

INFO

Published Date :

2024-10-21T12:18:46.723Z

Last Modified :

2025-11-03T22:22:22.684Z

Source :

Linux

AFFECTED PRODUCTS

The following products are affected by CVE-2024-49854 vulnerability.

Vendors	Products
Linux	Linux Kernel

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-49854.

URL	Resource
https://git.kernel.org/stable/c/0780451f03bf518bc032a7c584de8f92e2d39d7f
https://git.kernel.org/stable/c/0b8bda0ff17156cd3f60944527c9d8c9f99f1583
https://git.kernel.org/stable/c/1ba0403ac6447f2d63914fb760c44a3b19c44eaf
https://git.kernel.org/stable/c/63a07379fdb6c72450cb05294461c6016b8b7726
https://git.kernel.org/stable/c/cae58d19121a70329cf971359e2518c93fec04fe
https://git.kernel.org/stable/c/de0456460f2abf921e356ed2bd8da87a376680bd
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://lore.kernel.org/linux-cve-announce/2024102153-CVE-2024-49854-1ba5@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-49854
https://www.cve.org/CVERecord?id=CVE-2024-49854

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact