CVE-2024-49854: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49854 is a Use-After-Free (UAF) vulnerability discovered in the Linux kernel's block, bfq (Budget Fair Queueing) I/O scheduler component. The vulnerability was identified on October 21, 2024, affecting multiple versions of the Linux kernel from 5.10.227 through 6.11.2. The issue stems from improper handling of waker_bfqq access after splitting operations (NVD).

The vulnerability occurs after commit 42c306ed7233 in the block/bfq-iosched.c file. When the current process is the last holder of bfqq, the bfqq can be freed after bfqsplitbfqq(), potentially triggering a Use-After-Free condition when accessing bfqq->wakerbfqq. Additionally, since wakerbfqq may be in the merge chain of bfqq, simply recording waker_bfqq is not sufficient to prevent the vulnerability. The issue has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could potentially lead to privilege escalation, denial of service, or information leaks in affected Linux systems. The high CVSS score indicates significant potential impact on system confidentiality, integrity, and availability when exploited (NVD).

The vulnerability has been fixed by adding a helper function bfqwakerbfqq() that checks if bfqq->waker_bfqq is in the merge chain and if the current process is the only holder. The fix has been implemented in various kernel versions through patches (Kernel Patch).