CVE-2024-53171
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-53171 is a vulnerability in the Linux kernel's ubifs file system that can result in use-after-free memory access. The issue occurs when a node in the ubifs tree becomes the root node but still has a `cparent` pointer to a previously freed node. After other nodes in the tree are deleted, `cparent` may not be updated, leading to a use-after-free when it is accessed in `ubifs_tnc_end_commit()`. The vulnerability can be triggered by a specific sequence of file operations and configuration settings. The affected code is in `ubifs_copy_hash()`, where a `memcpy()` call performs the use-after-free access. To mitigate this vulnerability, `znode->cparent` should be explicitly set to `NULL` for the root node in `get_znodes_to_commit()`.
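The stale-pointer condition described in the summary can be reproduced in a small user-space model; this is an added example, not kernel code or code from the original page. The struct, the `freed` flag (which stands in for a real free so the model has no undefined behaviour), all function names, and the assumption that the snapshot loop leaves the final root entry untouched are constructed for illustration.

```c
#include <stddef.h>
#include <stdbool.h>

/* Simplified stand-in for a TNC znode; not the kernel's struct ubifs_znode. */
struct znode {
    struct znode *parent;   /* live parent, NULL for the root */
    struct znode *cparent;  /* parent recorded for the running commit */
    bool freed;             /* models a freed node without freeing memory */
};

/*
 * Model of the commit snapshot: each znode on the commit list records its
 * parent in cparent. Assumption of this model: the last entry (the root) is
 * where the loop stops, so without the fix its cparent keeps the old value.
 */
static void snapshot_commit_list(struct znode **list, size_t n, bool fixed)
{
    for (size_t i = 0; i + 1 < n; i++)
        list[i]->cparent = list[i]->parent;
    if (n > 0 && fixed)
        list[n - 1]->cparent = NULL;   /* the mitigation named in the summary */
}

/* End-of-commit view: would following cparent touch a freed node? */
static bool end_commit_touches_freed(const struct znode *zn)
{
    return zn->cparent != NULL && zn->cparent->freed;
}

/* Constructed scenario: one commit with parent and child, then the child becomes root. */
static bool run_scenario(bool fixed)
{
    struct znode old_root = { NULL, NULL, false };
    struct znode child = { &old_root, NULL, false };
    struct znode *commit1[] = { &child, &old_root };
    struct znode *commit2[] = { &child };
    snapshot_commit_list(commit1, 2, fixed);  /* child->cparent = &old_root */
    child.parent = NULL;                      /* tree shrinks: child is root */
    old_root.freed = true;                    /* old root released */
    snapshot_commit_list(commit2, 1, fixed);  /* next commit, root only */
    return end_commit_touches_freed(&child);
}

int main(void)
{
    /* Exit 0 when only the unfixed model reaches the freed node. */
    return (run_scenario(false) && !run_scenario(true)) ? 0 : 1;
}
```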