Description
The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent.
A use-after-free flaw was found in the EXT4 file system, related to ext4_es_insert_extent, in the Linux Kernel. This issue may allow an attacker to create a crafted EXT4 file system which will trigger the vulnerability and lead the kernel to PANIC, causing a denial of service on the targeted system.
Report
Red Hat Enterprise Linux (all versions) is not affected, because the previous commit 2a69c45 ("ext4: using nofail preallocation in ext4_es_insert_extent()") has not been applied yet.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected | | |
Additional information
Status:
EPSS
CVSS3: 7.8 High