Vulnerabilities > CVE-2024-49855 - Use After Free vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
HIGH Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timetout is handled by nbd_requeue_cmd(), normal completion has to be stopped for avoiding to complete this requeued request, other use-after-free can be triggered. Fix the race by clearing NBD_CMD_INFLIGHT in nbd_requeue_cmd(), meantime make sure that cmd->lock is grabbed for clearing the flag and the requeue.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/9c25faf72d780a9c71081710cd48759d61ff6e9b
- https://git.kernel.org/stable/c/6e73b946a379a1dfbb62626af93843bdfb53753d
- https://git.kernel.org/stable/c/5236ada8ebbd9e7461f17477357582f5be4f46f7
- https://git.kernel.org/stable/c/9a74c3e6c0d686c26ba2aab66d15ddb89dc139cc
- https://git.kernel.org/stable/c/c9ea57c91f03bcad415e1a20113bdb2077bcf990