U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2024-38583 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and potential deadlock issue on unmount, and a potential freeze issue in event synchronization found during their analysis. Details are described in each commit log. This patch (of 3): A use-after-free issue has been reported regarding the timer sc_timer on the nilfs_sc_info structure. The problem is that even though it is used to wake up a sleeping log writer thread, sc_timer is not shut down until the nilfs_sc_info structure is about to be freed, and is used regardless of the thread's lifetime. Fix this issue by limiting the use of sc_timer only while the log writer thread is alive.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/2f12b2c03c5dae1a0de0a9e5853177e3d6eee3c6 Patch 
https://git.kernel.org/stable/c/67fa90d4a2ccd9ebb0e1e168c7d0b5d0cf3c7148 Patch 
https://git.kernel.org/stable/c/68e738be5c518fc3c4e9146b66f67c8fee0135fb Patch 
https://git.kernel.org/stable/c/822ae5a8eac30478578a75f7e064f0584931bf2d Patch 
https://git.kernel.org/stable/c/82933c84f188dcfe89eb26b0b48ab5d1ca99d164 Patch 
https://git.kernel.org/stable/c/86a30d6302deddb9fb97ba6fc4b04d0e870b582a Patch 
https://git.kernel.org/stable/c/e65ccf3a4de4f0c763d94789615b83e11f204438 Patch 
https://git.kernel.org/stable/c/f5d4e04634c9cf68bdf23de08ada0bb92e8befe7 Patch 
https://git.kernel.org/stable/c/f9186bba4ea282b07293c1c892441df3a5441cb0 Patch 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-416 Use After Free cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

4 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2024-38583
NVD Published Date:
06/19/2024
NVD Last Modified:
08/01/2024
Source:
kernel.org