CVE-2024-26704

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Apr 3, 2024
Updated: Jan 14, 2025
CWE ID 415

Summary

CVE-2024-26704 is a vulnerability in the Linux kernel that affects the ext4 file system. In the function ext4_move_extents(), a double free occurs when the moved extents overlap with preallocated extents. The variable moved_len, which is used to determine whether to discard preallocated blocks, is not updated when the loop exits on failure after successfully moving some extents. As a result, these blocks are freed twice, leading to a zero-division bug in mb_update_avg_fragment_size() when trim is executed. To prevent this issue, the Linux kernel team has recommended updating moved_len after each extent move.
