ГлавнаяУязвимости → CVE-2024-0562
7.8высокая

CVE-2024-0562

→ есть в БДУ: BDU:2024-00582 (на русском)
Описание (на английском; русское — в БДУ выше)

A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_writeback.

Затрагиваемое ПО
Linux Linux kernelRedhat Enterprise linux
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://access.redhat.com/errata/RHSA-2024:0412https://access.redhat.com/security/cve/CVE-2024-0562https://bugzilla.redhat.com/show_bug.cgi?id=2258475https://patchwork.kernel.org/project/linux-mm/patch/20220801155034.3772543-1-khazhy@google.com/https://access.redhat.com/errata/RHSA-2024:0412https://access.redhat.com/security/cve/CVE-2024-0562https://bugzilla.redhat.com/show_bug.cgi?id=2258475https://patchwork.kernel.org/project/linux-mm/patch/20220801155034.3772543-1-khazhy@google.com/