CVE-2024-56759
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-56759 is a use-after-free vulnerability in the Linux kernel's btrfs file system. When tracing and preemption are both enabled, COWing (copy-on-write) a tree block can release the extent buffer before the tracepoint function is called, resulting in a use-after-free. The fix moves the tracepoint call from btrfs_cow_block() to btrfs_force_cow_block(), where it runs before the COWed extent buffer is freed. As a side effect, the tracepoint is now also invoked from the tree defrag code, where it was previously missing.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX