{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-49983","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-10-21T12:17:06.053Z","datePublished":"2024-10-21T18:02:28.474Z","dateUpdated":"2025-11-03T22:24:05.400Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:42:59.986Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free\n\nWhen calling ext4_force_split_extent_at() in ext4_ext_replay_update_ex(),\nthe 'ppath' is updated but it is the 'path' that is freed, thus potentially\ntriggering a double-free in the following process:\n\next4_ext_replay_update_ex\n  ppath = path\n  ext4_force_split_extent_at(&ppath)\n    ext4_split_extent_at\n      ext4_ext_insert_extent\n        ext4_ext_create_new_leaf\n          ext4_ext_grow_indepth\n            ext4_find_extent\n              if (depth > path[0].p_maxdepth)\n                kfree(path)                 ---> path First freed\n                *orig_path = path = NULL    ---> null ppath\n  kfree(path)                               ---> path double-free !!!\n\nSo drop the unnecessary ppath and use path directly to avoid this problem.\nAnd use ext4_find_extent() directly to update path, avoiding unnecessary\nmemory allocation and freeing. Also, propagate the error returned by\next4_find_extent() instead of using strange error codes."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ext4/extents.c"],"versions":[{"version":"8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2","lessThan":"8c26d9e53e5fbacda0732a577e97c5a5b7882aaf","status":"affected","versionType":"git"},{"version":"8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2","lessThan":"a34bed978364114390162c27e50fca50791c568d","status":"affected","versionType":"git"},{"version":"8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2","lessThan":"6367d3f04c69e2b8770b8137bd800e0784b0abbc","status":"affected","versionType":"git"},{"version":"8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2","lessThan":"1b558006d98b7b0b730027be0ee98973dd10ee0d","status":"affected","versionType":"git"},{"version":"8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2","lessThan":"3ff710662e8d86a63a39b334e9ca0cb10e5c14b0","status":"affected","versionType":"git"},{"version":"8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2","lessThan":"63adc9016917e6970fb0104ee5fd6770f02b2d80","status":"affected","versionType":"git"},{"version":"8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2","lessThan":"5c0f4cc84d3a601c99bc5e6e6eb1cbda542cce95","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ext4/extents.c"],"versions":[{"version":"5.10","status":"affected"},{"version":"0","lessThan":"5.10","status":"unaffected","versionType":"semver"},{"version":"5.10.227","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.168","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.113","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.55","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.10.14","lessThanOrEqual":"6.10.*","status":"unaffected","versionType":"semver"},{"version":"6.11.3","lessThanOrEqual":"6.11.*","status":"unaffected","versionType":"semver"},{"version":"6.12","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.10.227"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.15.168"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"6.1.113"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"6.6.55"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"6.10.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"6.11.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"6.12"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/8c26d9e53e5fbacda0732a577e97c5a5b7882aaf"},{"url":"https://git.kernel.org/stable/c/a34bed978364114390162c27e50fca50791c568d"},{"url":"https://git.kernel.org/stable/c/6367d3f04c69e2b8770b8137bd800e0784b0abbc"},{"url":"https://git.kernel.org/stable/c/1b558006d98b7b0b730027be0ee98973dd10ee0d"},{"url":"https://git.kernel.org/stable/c/3ff710662e8d86a63a39b334e9ca0cb10e5c14b0"},{"url":"https://git.kernel.org/stable/c/63adc9016917e6970fb0104ee5fd6770f02b2d80"},{"url":"https://git.kernel.org/stable/c/5c0f4cc84d3a601c99bc5e6e6eb1cbda542cce95"}],"title":"ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-49983","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-10-22T13:32:15.569255Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-22T13:38:44.023Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T22:24:05.400Z"}}]}}