CVE-2024-0562CVSS 7.8Linux
CVE-2024-0562: linux kernel vulnerability
A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_writeback.
- CVSS
- 7.8 HIGH
- EPSS
- 16.76%
- Активно використовується
- немає в KEV
- Продукт
- linux kernel
Що відомо
A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_writeback.