CVE-2024-49884: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49884 is a slab-use-after-free vulnerability discovered in the Linux kernel's ext4 filesystem component, specifically in the ext4splitextent_at() function. The vulnerability was disclosed on October 21, 2024, affecting Linux kernel versions from 3.18 up to versions before 6.11.3 (NVD).

The vulnerability occurs in the ext4splitextentat() function where a use-after-free condition arises when handling memory allocation and path management. The issue manifests when ext4extinsertextent() frees or reallocates the path, leading to potential use-after-free scenarios in subsequent operations. The vulnerability can be triggered in two ways: when err is -ENOMEM causing a use-after-free in ext4extdirty(), or when err is -EIO with EXTDEBUG defined causing a use-after-free in ext4extshowleaf() (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could allow an attacker with local access to cause a denial of service (system crash) or potentially execute arbitrary code. The high CVSS score indicates significant potential impact on system confidentiality, integrity, and availability (NVD).

The vulnerability has been fixed in the Linux kernel through a patch that updates the path handling in ext4splitextentat(). The fix involves calling ext4findextent() with EXT4EX_NOFAIL flag to update the path and using *ppath directly as input to avoid use-after-free conditions. Users should update their Linux kernel to versions containing the fix (Kernel Patch).