CVE-2024-49889: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49889 is a use-after-free vulnerability discovered in the Linux kernel's ext4 filesystem implementation, specifically in the ext4extshowleaf() function. The vulnerability was disclosed on October 21, 2024, affecting multiple versions of the Linux kernel up to versions 5.10.227, 5.15.168, 6.1.113, 6.6.55, 6.10.14, and 6.11.3. The issue occurs when a previously saved path pointer may be freed by error or reallocated in ext4find_extent(), potentially leading to a use-after-free condition (NVD).

The vulnerability stems from a path pointer management issue in the ext4 filesystem code. In ext4findextent(), a path may be freed by error or reallocated, causing a use-after-free condition when using a previously saved ppath. The issue specifically manifests in the following sequence: ext4splitextent saves path = ppath, followed by ext4splitextentat(ppath), then path = ext4findextent(ppath), and finally ext4extshowleaf(inode, path) where eh = path[depth].phdr triggers the use-after-free. The vulnerability is only triggered when EXTDEBUG is defined and therefore does not affect normal functionality (Kernel Patch).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), indicating significant potential impact. However, since the issue is only triggered when EXT_DEBUG is defined, the practical impact is limited to debugging environments and does not affect normal system operations (NVD).

The vulnerability has been patched in various Linux kernel versions. The fix involves modifying the code to use *ppath directly as input to ext4extshow_leaf() instead of using a saved path pointer. Updates are available for affected kernel versions, and users are advised to update to the patched versions (Kernel Patch).