• CVE-2024-49854

发布时间: 2024年12月3日

修改时间: 2025年1月6日

概要

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for accessing waker_bfqq after splitting After commit 42c306ed7233 ("block, bfq: don't break merge chain in bfq_split_bfqq()"), if the current procress is the last holder of bfqq, the bfqq can be freed after bfq_split_bfqq(). Hence recored the bfqq and then access bfqq->waker_bfqq may trigger UAF. What's more, the waker_bfqq may in the merge chain of bfqq, hence just recored waker_bfqq is still not safe. Fix the problem by adding a helper bfq_waker_bfqq() to check if bfqq->waker_bfqq is in the merge chain, and current procress is the only holder.

CVSS v3 指标

NVD openEuler
CVSS评分 7.8 7.8
Attack Vector Local Local
Attack Complexity Low Low
Privileges Required Low Low
User Interaction None None
Scope Unchanged Unchanged
Confidentiality High High
Integrity High High
Availability High High

安全公告

公告名 概要 发布时间
KylinSec-SA-2024-4230 In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for accessing waker_bfqq after splitting After commit 42c306ed7233 ("block, bfq: don't break merge chain in bfq_split_bfqq()"), if the current procress is the last holder of bfqq, the bfqq can be freed after bfq_split_bfqq(). Hence recored the bfqq and then access bfqq->waker_bfqq may trigger UAF. What's more, the waker_bfqq may in the merge chain of bfqq, hence just recored waker_bfqq is still not safe. Fix the problem by adding a helper bfq_waker_bfqq() to check if bfqq->waker_bfqq is in the merge chain, and current procress is the only holder. 2024年12月8日

影响产品

产品 状态
KY3.4-5 kernel Unaffected
KY3.5.2 kernel Unaffected
KY3.5.3 kernel Unaffected
V6 kernel Unaffected