SB2024062029 - Use-after-free in Linux kernel gfs2
Published: June 20, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024062029
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2024-38570)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gfs2_gl_hash_clear() function in fs/gfs2/super.c, within the init_sbd() function in fs/gfs2/ops_fstype.c, within the gdlm_ast(), gdlm_bast() and gdlm_put_lock() functions in fs/gfs2/lock_dlm.c, within the glock_blocked_by_withdraw() and gfs2_gl_hash_clear() functions in fs/gfs2/glock.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0636b34b44589b142700ac137b5f69802cfe2e37
- https://git.kernel.org/stable/c/e42e8a24d7f02d28763d16ca7ec5fc6d1f142af0
- https://git.kernel.org/stable/c/501cd8fabf621d10bd4893e37f6ce6c20523c8ca
- https://git.kernel.org/stable/c/d98779e687726d8f8860f1c54b5687eec5f63a73
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.33
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.12