CVE-2024-49960

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-49960

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49960.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-49960

Downstream

BELL-CVE-2024-49960

DEBIAN-CVE-2024-49960

DLA-4008-1

DLA-4178-1

DSA-5818-1

OESA-2024-2367

OESA-2024-2424

OESA-2024-2425

OESA-2024-2426

RHSA-2025:6966

SUSE-SU-2024:3983-1

SUSE-SU-2024:3984-1

SUSE-SU-2024:3985-1

SUSE-SU-2024:3986-1

SUSE-SU-2024:4082-1

SUSE-SU-2024:4131-1

SUSE-SU-2024:4318-1

SUSE-SU-2024:4364-1

SUSE-SU-2024:4387-1

openSUSE-SU-2024:14500-1

openSUSE-SU-2025:14705-1

Related

Published

2024-10-21T18:15:17Z

Modified

2025-08-09T20:01:26Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix timer use-after-free on failed mount

Syzbot has found an ODEBUG bug in ext4fillsuper

The deltimersync function cancels the serrreport timer, which reminds about filesystem errors daily. We should guarantee the timer is no longer active before kfree(sbi).

When filesystem mounting fails, the flow goes to failedmount3, where an error occurs when ext4stopmmpd is called, causing a read I/O failure. This triggers the ext4handleerror function that ultimately re-arms the timer, leaving the serr_report timer active before kfree(sbi) is called.

Fix the issue by canceling the serrreport timer after calling ext4stopmmpd.

References

Affected packages