CVE-2024-49854
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-49854
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49854.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-49854
- Downstream
- Related
- Published
- 2024-10-21T12:18:46.723Z
- Modified
- 2025-11-28T02:34:27.228548Z
- Summary
- block, bfq: fix uaf for accessing waker_bfqq after splitting
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
block, bfq: fix uaf for accessing waker_bfqq after splitting
After commit 42c306ed7233 ("block, bfq: don't break merge chain in bfqsplitbfqq()"), if the current procress is the last holder of bfqq, the bfqq can be freed after bfqsplitbfqq(). Hence recored the bfqq and then access bfqq->wakerbfqq may trigger UAF. What's more, the wakerbfqq may in the merge chain of bfqq, hence just recored waker_bfqq is still not safe.
Fix the problem by adding a helper bfqwakerbfqq() to check if bfqq->waker_bfqq is in the merge chain, and current procress is the only holder.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49854.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0780451f03bf518bc032a7c584de8f92e2d39d7f
- https://git.kernel.org/stable/c/0b8bda0ff17156cd3f60944527c9d8c9f99f1583
- https://git.kernel.org/stable/c/1ba0403ac6447f2d63914fb760c44a3b19c44eaf
- https://git.kernel.org/stable/c/63a07379fdb6c72450cb05294461c6016b8b7726
- https://git.kernel.org/stable/c/cae58d19121a70329cf971359e2518c93fec04fe
- https://git.kernel.org/stable/c/de0456460f2abf921e356ed2bd8da87a376680bd
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49854.json
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-49854
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducede0c20d88b7dce85d2703bb6ba77bf359959675cdFixed63a07379fdb6c72450cb05294461c6016b8b7726
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedde6c5e3a456019d2182e345730e59721714fa0b5Fixedde0456460f2abf921e356ed2bd8da87a376680bd
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced19f3bec2ac4be329b9bd12b18a989b867618d2d8Fixed0780451f03bf518bc032a7c584de8f92e2d39d7f
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced13b3d0e8cb121f99b11918a0d4bcc1ce4647d352Fixed0b8bda0ff17156cd3f60944527c9d8c9f99f1583
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4780f50ea50cfe8e89fc3747bf3dd155488433bbFixedcae58d19121a70329cf971359e2518c93fec04fe
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced42c306ed723321af4003b2a41bb73728cab54f85Fixed1ba0403ac6447f2d63914fb760c44a3b19c44eaf
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected9e813033594b141f61ff0ef0cfaaef292564b041Last affected3a5f45a4ad4e1fd36b0a998eef03d76a4f02a2a8Last affected3630a18846c7853aa326d3b42fd0a855af7b41bc