CVE-2024-49960: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49960 is a use-after-free vulnerability discovered in the Linux kernel's ext4 filesystem implementation. The vulnerability was identified by Syzbot in the ext4_fill_super function and was disclosed in October 2024. This issue affects Linux kernel versions up to (excluding) 6.6.55, versions from 6.7 up to (excluding) 6.10.14, and versions from 6.11 up to (excluding) 6.11.3 (NVD).

The vulnerability occurs during the filesystem mount failure handling process. When filesystem mounting fails, the flow enters failed_mount3, where an error occurs when ext4_stop_mmpd is called, causing a read I/O failure. This triggers the ext4_handle_error function that re-arms the s_err_report timer, which is used to remind about filesystem errors daily. The issue arises because the timer remains active before kfree(sbi) is called, leading to a use-after-free condition. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could allow an attacker with local access to potentially execute arbitrary code or cause a denial of service through a use-after-free condition in the ext4 filesystem implementation. This could lead to system crashes or potential privilege escalation (NVD).

The vulnerability has been fixed by modifying the order of operations in the failed_mount3 handler, specifically by canceling the s_err_report timer after calling ext4_stop_mmpd. This fix has been implemented in various Linux kernel versions through security updates. Users are advised to update their systems to the patched versions (Kernel Patch).