CVE-2024-0562

Kernel: use-after-free after removing device in wb_inode_writeback_end in mm/page-writeback.c

Published: 1/15/2024 Last updated: 11/15/2025 Reserved: 1/15/2024

A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_writeback.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	7.8	High	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (29)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ortools_solvers orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (10)

Product	Vendor	Version
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8	Red Hat	< dc3391d49479bc2bf8a2b88dbf86fdd800882fee
Red Hat Enterprise Linux 9	Red Hat	< 0591b14ce0398125439c759f889647369aa616a0
		<= 5.17.*
Red Hat Enterprise Linux 6	Red Hat	< 5bfc53df288e8ea54ca6866fb92034214940183f
Red Hat Enterprise Linux 7	Red Hat	< 4b737246ff50f810d6ab4be13c1388a07f0c14b1
Red Hat Enterprise Linux 8.6 Extended Update Support	Red Hat	<= *
Red Hat Enterprise Linux 8	Red Hat	< 4dd6e1cc9c7403f1ee1b7eee85bc31b797ae8347
Red Hat Enterprise Linux 9	Red Hat	5.5
Red Hat Enterprise Linux 7	Red Hat	< feb847e6591e8c7a09cc39721cc9ca74fd9a5d80
Red Hat Enterprise Linux 8	Red Hat	< bc6c381df5793ebcf32db88a3e65acf7870379fc

CVE-2024-0562

Kernel: use-after-free after removing device in wb_inode_writeback_end in mm/page-writeback.c

Metrics

Opam packages affected (29)

Products affected (10)

References (16)