vulnerability

Amazon Linux AMI: CVE-2024-49882: Security patch for kernel (ALAS-2025-1973)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:S/C:C/I:C/A:C)	Oct 21, 2024	May 22, 2025	May 30, 2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

Oct 21, 2024

Added

May 22, 2025

Modified

May 30, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix double brelse() the buffer of the extents path

In ext4_ext_try_to_merge_up(), set path[1].p_bh to NULL after it has been

released, otherwise it may be released twice. An example of what triggers

this is as follows:

split2 map split1

|--------|-------|--------|

ext4_ext_map_blocks

ext4_ext_handle_unwritten_extents

ext4_split_convert_extents

// path->p_depth == 0

ext4_split_extent

// 1. do split1

ext4_split_extent_at

|ext4_ext_insert_extent

| ext4_ext_create_new_leaf

| ext4_ext_grow_indepth

| le16_add_cpu(&neh->eh_depth, 1)

| ext4_find_extent

| // return -ENOMEM

|// get error and try zeroout

|path = ext4_find_extent

| path->p_depth = 1

|ext4_ext_try_to_merge

| ext4_ext_try_to_merge_up

| path->p_depth = 0

| brelse(path[1].p_bh) ---> not set to NULL here

|// zeroout success

// 2. update path

ext4_find_extent

// 3. do split2

ext4_split_extent_at

ext4_ext_insert_extent

ext4_ext_create_new_leaf

ext4_ext_grow_indepth

le16_add_cpu(&neh->eh_depth, 1)

ext4_find_extent

path[0].p_bh = NULL;

path->p_depth = 1

read_extent_tree_block ---> return err

// path[1].p_bh is still the old value

ext4_free_ext_path

ext4_ext_drop_refs

// path->p_depth == 1

brelse(path[1].p_bh) ---> brelse a buffer twice

Finally got the following WARRNING when removing the buffer from lru:

============================================

VFS: brelse: Trying to free free buffer

WARNING: CPU: 2 PID: 72 at fs/buffer.c:1241 __brelse+0x58/0x90

CPU: 2 PID: 72 Comm: kworker/u19:1 Not tainted 6.9.0-dirty #716

RIP: 0010:__brelse+0x58/0x90

Call Trace:

<TASK>

__find_get_block+0x6e7/0x810

bdev_getblk+0x2b/0x480

__ext4_get_inode_loc+0x48a/0x1240

ext4_get_inode_loc+0xb2/0x150

ext4_reserve_inode_write+0xb7/0x230

__ext4_mark_inode_dirty+0x144/0x6a0

ext4_ext_insert_extent+0x9c8/0x3230

ext4_ext_map_blocks+0xf45/0x2dc0

ext4_map_blocks+0x724/0x1700

ext4_do_writepages+0x12d6/0x2a70

[...]

============================================

Solution

amazon-linux-upgrade-kernel

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today