CVE-2024-56759

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jan 6, 2025
Updated: Jan 9, 2025
CWE ID 416

Summary

CVE-2024-56759 is a use-after-free vulnerability in the Linux kernel's btrfs file system. With tracing and preemption enabled, COWing (copy-on-write) a tree block can release the extent buffer before the tracepoint function is called, so the tracepoint then accesses freed memory. The fix moves the tracepoint call from btrfs_cow_block() to btrfs_force_cow_block(), ahead of the point where the COWed extent buffer is freed. As a side effect, the tracepoint is now also invoked from the tree defrag code, where it was previously missing.
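The ordering problem described above, as an added user-space model (not the kernel's code): `model_eb`, `model_eb_put`, `model_trace_cow` and `POISON` are hypothetical names, and the last put poisons the buffer instead of freeing it so the stale read is observable without undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>

#define POISON 0x6b6b6b6b6b6b6b6bULL  /* marks a released buffer in this model */

/* Hypothetical stand-in for an extent buffer; not the kernel's struct. */
struct model_eb {
    uint64_t start;   /* field the tracepoint would log */
    int refs;         /* reference count */
};

/* Drop one reference. The last put poisons the buffer (model of "freed"). */
static void model_eb_put(struct model_eb *eb)
{
    if (--eb->refs == 0)
        eb->start = POISON;
}

/* Stand-in for the tracepoint: returns the value it would have logged. */
static uint64_t model_trace_cow(const struct model_eb *buf)
{
    return buf->start;
}

/* Pre-fix ordering: the helper drops the reference, then the caller traces. */
static uint64_t cow_trace_after_put(struct model_eb *buf)
{
    model_eb_put(buf);            /* COWed buffer released here */
    /* per the summary, the buffer can be gone before the tracepoint runs */
    return model_trace_cow(buf);  /* stale read: the use-after-free */
}

/* Post-fix ordering: trace first, while the reference is still held. */
static uint64_t cow_trace_before_put(struct model_eb *buf)
{
    uint64_t logged = model_trace_cow(buf);
    model_eb_put(buf);
    return logged;
}

int main(void)
{
    struct model_eb a = { .start = 0x100000, .refs = 1 };  /* constructed sample */
    struct model_eb b = { .start = 0x100000, .refs = 1 };  /* constructed sample */
    printf("trace after put:  %#llx\n", (unsigned long long)cow_trace_after_put(&a));
    printf("trace before put: %#llx\n", (unsigned long long)cow_trace_before_put(&b));
    return 0;
}
```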
