Amazon Linux AMI: CVE-2024-49883: Security patch for kernel (ALAS-2025-1970)

In the Linux kernel, the following vulnerability has been resolved:

ext4: aovid use-after-free in ext4_ext_insert_extent()

As Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is

reallocated in ext4_ext_create_new_leaf(), we'll use the stale path and

cause UAF. Below is a sample trace with dummy values:

ext4_ext_insert_extent

path = *ppath = 2000

ext4_ext_create_new_leaf(ppath)

ext4_find_extent(ppath)

path = *ppath = 2000

if (depth > path[0].p_maxdepth)

kfree(path = 2000);

*ppath = path = NULL;

path = kcalloc() = 3000

*ppath = 3000;

return path;

/* here path is still 2000, UAF! */

eh = path[depth].p_hdr

==================================================================

BUG: KASAN: slab-use-after-free in ext4_ext_insert_extent+0x26d4/0x3330

Read of size 8 at addr ffff8881027bf7d0 by task kworker/u36:1/179

CPU: 3 UID: 0 PID: 179 Comm: kworker/u6:1 Not tainted 6.11.0-rc2-dirty #866

Call Trace:

<TASK>

ext4_ext_insert_extent+0x26d4/0x3330

ext4_ext_map_blocks+0xe22/0x2d40

ext4_map_blocks+0x71e/0x1700

ext4_do_writepages+0x1290/0x2800

[...]

Allocated by task 179:

ext4_find_extent+0x81c/0x1f70

ext4_ext_map_blocks+0x146/0x2d40

ext4_map_blocks+0x71e/0x1700

ext4_do_writepages+0x1290/0x2800

ext4_writepages+0x26d/0x4e0

do_writepages+0x175/0x700

[...]

Freed by task 179:

kfree+0xcb/0x240

ext4_find_extent+0x7c0/0x1f70

ext4_ext_insert_extent+0xa26/0x3330

ext4_ext_map_blocks+0xe22/0x2d40

ext4_map_blocks+0x71e/0x1700

ext4_do_writepages+0x1290/0x2800

ext4_writepages+0x26d/0x4e0

do_writepages+0x175/0x700

[...]

==================================================================

So use *ppath to update the path to avoid the above problem.