CVE - CVE-2024-38583

CVE-ID
CVE-2024-38583	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and potential deadlock issue on unmount, and a potential freeze issue in event synchronization found during their analysis. Details are described in each commit log. This patch (of 3): A use-after-free issue has been reported regarding the timer sc_timer on the nilfs_sc_info structure. The problem is that even though it is used to wake up a sleeping log writer thread, sc_timer is not shut down until the nilfs_sc_info structure is about to be freed, and is used regardless of the thread's lifetime. Fix this issue by limiting the use of sc_timer only while the log writer thread is alive.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/2f12b2c03c5dae1a0de0a9e5853177e3d6eee3c6 URL:https://git.kernel.org/stable/c/2f12b2c03c5dae1a0de0a9e5853177e3d6eee3c6 MISC:https://git.kernel.org/stable/c/67fa90d4a2ccd9ebb0e1e168c7d0b5d0cf3c7148 URL:https://git.kernel.org/stable/c/67fa90d4a2ccd9ebb0e1e168c7d0b5d0cf3c7148 MISC:https://git.kernel.org/stable/c/68e738be5c518fc3c4e9146b66f67c8fee0135fb URL:https://git.kernel.org/stable/c/68e738be5c518fc3c4e9146b66f67c8fee0135fb MISC:https://git.kernel.org/stable/c/822ae5a8eac30478578a75f7e064f0584931bf2d URL:https://git.kernel.org/stable/c/822ae5a8eac30478578a75f7e064f0584931bf2d MISC:https://git.kernel.org/stable/c/82933c84f188dcfe89eb26b0b48ab5d1ca99d164 URL:https://git.kernel.org/stable/c/82933c84f188dcfe89eb26b0b48ab5d1ca99d164 MISC:https://git.kernel.org/stable/c/86a30d6302deddb9fb97ba6fc4b04d0e870b582a URL:https://git.kernel.org/stable/c/86a30d6302deddb9fb97ba6fc4b04d0e870b582a MISC:https://git.kernel.org/stable/c/e65ccf3a4de4f0c763d94789615b83e11f204438 URL:https://git.kernel.org/stable/c/e65ccf3a4de4f0c763d94789615b83e11f204438 MISC:https://git.kernel.org/stable/c/f5d4e04634c9cf68bdf23de08ada0bb92e8befe7 URL:https://git.kernel.org/stable/c/f5d4e04634c9cf68bdf23de08ada0bb92e8befe7 MISC:https://git.kernel.org/stable/c/f9186bba4ea282b07293c1c892441df3a5441cb0 URL:https://git.kernel.org/stable/c/f9186bba4ea282b07293c1c892441df3a5441cb0 MLIST:[debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update URL:https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Assigning CNA
kernel.org
Date Record Created
20240618	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240618)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)