CVE-2024-49966: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49966 affects the Linux kernel's OCFS2 filesystem component. The vulnerability was discovered when a use-after-free condition was identified in the quota handling functionality. The issue occurs in ocfs2globalreadinfo() which initializes and schedules dqisync_work, but fails to properly cancel the delayed work when freeing oinfo in error handling paths (NVD).

The vulnerability exists in the OCFS2 filesystem's quota management code. When ocfs2globalreadinfo() initializes and schedules dqisyncwork at the end of its execution, if an error occurs after successfully reading global quota, it triggers a warning with CONFIGDEBUGOBJECTS* enabled: 'ODEBUG: free active (active state 0) object: 00000000d8b0ce28 object type: timerlist hint: qsyncwork_fn+0x0/0x16c'. This indicates an active delayed work when freeing oinfo in error handling. The issue has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability affects Linux kernel versions from 2.6.29 up to (excluding) 5.10.227, 5.11 to 5.15.168, 5.16 to 6.1.113, 6.2 to 6.6.55, 6.7 to 6.10.14, and 6.11 to 6.11.3. The issue could potentially lead to system instability or security implications due to the use-after-free condition in the kernel's filesystem code (NVD).

The issue has been fixed in the Linux kernel through a patch that ensures dqisyncwork is properly cancelled before freeing oinfo in error handling paths. The fix has been backported to various stable kernel versions. Users should update to patched kernel versions that include the fix (Kernel Patch).