What is CVE-2024-47691?

CVE-2024-47691 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10, classified as a Use After Free flaw (CWE-416), affecting Linux kernel versions from 4.16 onward and patched in 6.6.54, 6.10.13, 6.11.2 and others. CVE-2024-47691 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-47691?

CVE-2024-47691 has a CVSS score of 7.8 out of 10, rated High severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Is there a patch available for CVE-2024-47691?

Yes, CVE-2024-47691 has been patched. Fixed versions include 6.6.54, 6.10.13, 6.11.2 and others. If you are running Linux kernel 4.16 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2024-47691 actively exploited?

CVE-2024-47691 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is Use After Free (CWE-416)?

The product references memory after it has been freed, which may cause it to crash, use unexpected values, or execute code. See MITRE CWE for full details: https://cwe.mitre.org/data/definitions/416.html

CVE-2024-47691

High

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread() syzbot reports a f2fs bug as below: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_report+0xe8/0x550 mm/kasan/report.c:491 kasan_report+0x143/0x180 mm/kasan/report.c:601 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 instrument_atomic_read_write include/linux/instrumented.h:96 [inline] atomic_fetch_add_relaxed include/linux/atomic/atomic-instrumented.h:252 [inline] __refcount_add include/linux/refcount.h:184 [inline] __refcount_inc include/linux/refcount.h:241 [inline] refcount_inc include/linux/refcount.h:258 [inline] get_task_struct include/linux/sched/task.h:118 [inline] kthread_stop+0xca/0x630 kernel/kthread.c:704 f2fs_stop_gc_thread+0x65/0xb0 fs/f2fs/gc.c:210 f2fs_do_shutdown+0x192/0x540 fs/f2fs/file.c:2283 f2fs_ioc_shutdown fs/f2fs/file.c:2325 [inline] __f2fs_ioctl+0x443a/0xbe60 fs/f2fs/file.c:4325 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f The root cause is below race condition, it may cause use-after-free issue in sbi->gc_th pointer. - remount - f2fs_remount - f2fs_stop_gc_thread - kfree(gc_th) - f2fs_ioc_shutdown - f2fs_do_shutdown - f2fs_stop_gc_thread - kthread_stop(gc_th->f2fs_gc_task) : sbi->gc_thread = NULL; We will call f2fs_do_shutdown() in two paths: - for f2fs_ioc_shutdown() path, we should grab sb->s_umount semaphore for fixing. - for f2fs_shutdown() path, it's safe since caller has already grabbed sb->s_umount semaphore.

Package Linux Kernel

Published 2024-10-21

Last modified 2024-10-23

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

7.8

out of 10

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness type

CWE-416

CVE-2024-47691 is a Use After Free vulnerability

What is Use After Free?

The product references memory after it has been freed, which may cause it to crash, use unexpected values, or execute code. Learn more on MITRE CWE

Affected versions

Linux kernel versions 4.16 and later are affected. Fixed in 6.6.54, 6.10.13, 6.11.2, 6.12 and their respective stable series.

Affected from

≥ 4.16

Fixed in

✓ 6.6.54 6.6.x ✓ 6.10.13 6.10.x ✓ 6.11.2 6.11.x ✓ 6.12

References

The following references provide additional information about CVE-2024-47691 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/7c339dee7eb0f8e4cadc317c595f898ef04dae30
Patch
Kernel patch commit
https://git.kernel.org/stable/c/c7f114d864ac91515bb07ac271e9824a20f5ed95
Patch
Kernel patch commit
https://git.kernel.org/stable/c/d79343cd66343709e409d96b2abb139a0a55ce34
Patch

4 patch commits total View all on NVD

Details

CVE ID CVE-2024-47691

Severity High

CVSS score 7.8 / 10

CVSS version 3.1

Published 2024-10-21

Modified 2024-10-23

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2024-47691?

CVE-2024-47691 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10 , classified as an Use After Free flaw (CWE-416) . It affects Linux kernel versions from 4.16 onward and has been patched in 6.6.54, 6.10.13, 6.11.2 and others. CVE-2024-47691 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-47691?

CVE-2024-47691 has a CVSS score of 7.8 out of 10, rated High severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Is there a patch available for CVE-2024-47691?

Yes — CVE-2024-47691 has been patched. Fixed versions include 6.6.54, 6.10.13, 6.11.2 and others. If you are running Linux kernel 4.16 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2024-47691 actively exploited?

No — CVE-2024-47691 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is Use After Free (CWE-416)?

The product references memory after it has been freed, which may cause it to crash, use unexpected values, or execute code. View CWE-416 on MITRE CWE →