{ "containers": { "cna": { "providerMetadata": { "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix uaf for accessing waker_bfqq after splitting\n\nAfter commit 42c306ed7233 (\"block, bfq: don't break merge chain in\nbfq_split_bfqq()\"), if the current procress is the last holder of bfqq,\nthe bfqq can be freed after bfq_split_bfqq(). Hence recored the bfqq and\nthen access bfqq->waker_bfqq may trigger UAF. What's more, the waker_bfqq\nmay in the merge chain of bfqq, hence just recored waker_bfqq is still\nnot safe.\n\nFix the problem by adding a helper bfq_waker_bfqq() to check if\nbfqq->waker_bfqq is in the merge chain, and current procress is the only\nholder." } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "block/bfq-iosched.c" ], "versions": [ { "version": "e0c20d88b7dc", "lessThan": "63a07379fdb6", "status": "affected", "versionType": "git" }, { "version": "de6c5e3a4560", "lessThan": "de0456460f2a", "status": "affected", "versionType": "git" }, { "version": "19f3bec2ac4b", "lessThan": "0780451f03bf", "status": "affected", "versionType": "git" }, { "version": "13b3d0e8cb12", "lessThan": "0b8bda0ff171", "status": "affected", "versionType": "git" }, { "version": "4780f50ea50c", "lessThan": "cae58d19121a", "status": "affected", "versionType": "git" }, { "version": "42c306ed7233", "lessThan": "1ba0403ac644", "status": "affected", "versionType": "git" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "block/bfq-iosched.c" ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/63a07379fdb6c72450cb05294461c6016b8b7726" }, { "url": "https://git.kernel.org/stable/c/de0456460f2abf921e356ed2bd8da87a376680bd" }, { "url": "https://git.kernel.org/stable/c/0780451f03bf518bc032a7c584de8f92e2d39d7f" }, { "url": "https://git.kernel.org/stable/c/0b8bda0ff17156cd3f60944527c9d8c9f99f1583" }, { "url": "https://git.kernel.org/stable/c/cae58d19121a70329cf971359e2518c93fec04fe" }, { "url": "https://git.kernel.org/stable/c/1ba0403ac6447f2d63914fb760c44a3b19c44eaf" } ], "title": "block, bfq: fix uaf for accessing waker_bfqq after splitting", "x_generator": { "engine": "bippy-c9c4e1df01b2" } } }, "cveMetadata": { "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", "cveID": "CVE-2024-49854", "requesterUserId": "gregkh@kernel.org", "serial": "1", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.0" }