vulnerability
Ubuntu: (CVE-2024-49854): linux-fips vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | Oct 21, 2024 | Jun 26, 2025 | Aug 18, 2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:
block, bfq: fix uaf for accessing waker_bfqq after splitting
After commit 42c306ed7233 ("block, bfq: don't break merge chain in
bfq_split_bfqq()"), if the current procress is the last holder of bfqq,
the bfqq can be freed after bfq_split_bfqq(). Hence recored the bfqq and
then access bfqq->waker_bfqq may trigger UAF. What's more, the waker_bfqq
may in the merge chain of bfqq, hence just recored waker_bfqq is still
not safe.
Fix the problem by adding a helper bfq_waker_bfqq() to check if
bfqq->waker_bfqq is in the merge chain, and current procress is the only
holder.
Solution
References
- CVE-2024-49854
- https://attackerkb.com/topics/CVE-2024-49854
- CWE-416
- URL-https://git.kernel.org/linus/1ba0403ac6447f2d63914fb760c44a3b19c44eaf
- URL-https://git.kernel.org/stable/c/0780451f03bf518bc032a7c584de8f92e2d39d7f
- URL-https://git.kernel.org/stable/c/0b8bda0ff17156cd3f60944527c9d8c9f99f1583
- URL-https://git.kernel.org/stable/c/1ba0403ac6447f2d63914fb760c44a3b19c44eaf
- URL-https://git.kernel.org/stable/c/63a07379fdb6c72450cb05294461c6016b8b7726
- URL-https://git.kernel.org/stable/c/cae58d19121a70329cf971359e2518c93fec04fe
- URL-https://git.kernel.org/stable/c/de0456460f2abf921e356ed2bd8da87a376680bd
- URL-https://www.cve.org/CVERecord?id=CVE-2024-49854
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.