CVE-2024-0775: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-0775 is a use-after-free vulnerability discovered in the __ext4_remount function within fs/ext4/super.c of the Linux kernel's ext4 filesystem implementation. The vulnerability was reported on January 21, 2024, and affects Linux kernel versions up to (excluding) 6.4 (NVD, CVE Mitre).

The vulnerability occurs during the mount options change process in __ext4_remount(). When failures occur during this process, the system needs to restore old mount options. However, there are two specific issues: first, the old quota file names might be freed before a potential failure, leading to a use-after-free condition; second, in cases of failed read/write to read-only transitions where quota has been suspended, quota handling needs to be re-enabled (Linux Commit). The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (High) by NIST, with a vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H (NVD).

The vulnerability can allow a local user to cause information leaks and potentially trigger system crashes through use-after-free conditions. This could lead to unauthorized access to sensitive information or denial of service conditions (Ubuntu Security).

The vulnerability has been fixed in Linux kernel version 6.4-rc2. Various Linux distributions have released patches for their respective versions. For instance, Ubuntu has released fixes for versions 22.04 LTS (5.15.0-83.92), 20.04 LTS (5.4.0-162.179), and 18.04 LTS (4.15.0-223.235) (Ubuntu Security). Users are advised to update their systems to the patched versions.