CVE-2024-0562
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-0562 is a use-after-free vulnerability affecting the Linux Kernel. Specifically, when a disk is removed, the system calls bdi_unregister to halt further write-backs and waits for associated delayed work to complete. However, wb_inode_writeback_end may schedule bandwidth estimation work after this process, leading the timer to inadvertently access the recently freed bdi_writeback, potentially causing memory corruption or system instability. This issue poses a serious risk to Linux systems, especially those with heavy disk I/O workloads. System administrators are advised to apply the necessary patch as soon as possible to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Linux Kernel
- Red Hat Enterprise Linux
Affected Vendors
- LINUX
- Red Hat
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions