VDB
DEBIAN-CVE-2024-49854
DEBIAN-CVE-2024-49854
REJECTED
CVSS 7.800000190734863 HIGH
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix uaf for accessing waker_bfqq after splitting After commit 42c306ed7233 ("block, bfq: don't break merge chain in bfq_split_bfqq()"), if the current procress is the last holder of bfqq, the bfqq can be freed after bfq_split_bfqq(). Hence recored the bfqq and then access bfqq->waker_bfqq may trigger UAF. What's more, the waker_bfqq may in the merge chain of bfqq, hence just recored waker_bfqq is still not safe. Fix the problem by adding a helper bfq_waker_bfqq() to check if bfqq->waker_bfqq is in the merge chain, and current procress is the only holder.
Risk Scores
CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | linux-6.1 | 6.1.106-3, 6.1.106-3, 6.1.112-1 |
| Debian:13 | linux | 0, 0 |
| Debian:12 | linux | 6.1.38-3, 6.1.38-4, 6.1.38-4 |
| Debian:14 | linux | 0, 0 |
| Debian:11 | linux | 5.16~rc1-1~exp1, 5.16~rc3-1~exp1, 5.16~rc5-1~exp1 |
Timeline
- Dec 22, 2025 CVE Rejected