CVE-2024-0562

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 15, 2024
Updated: Jan 25, 2024
CWE ID 416

Summary

CVE-2024-0562 is a use-after-free vulnerability affecting the Linux Kernel. Specifically, when a disk is removed, the system calls bdi_unregister to halt further write-backs and waits for associated delayed work to complete. However, wb_inode_writeback_end may schedule bandwidth estimation work after this process, leading the timer to inadvertently access the recently freed bdi_writeback, potentially causing memory corruption or system instability. This issue poses a serious risk to Linux systems, especially those with heavy disk I/O workloads. System administrators are advised to apply the necessary patch as soon as possible to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Linux Kernel
  • Red Hat Enterprise Linux

Affected Vendors

  • LINUX
  • Red Hat

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-0562 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions