{"vulnerability": "CVE-2024-44941", "sightings": [{"uuid": "7a10bdbb-acff-47f6-a1b9-55ad8a99b867", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-44941", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "912ceba3-c8ec-4922-a563-816193e21ebe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44941", "type": "seen", "source": "https://t.me/cvedetector/4132", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-44941 - Linux F2FS Slab-Use-After-Free Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-44941 \nPublished : Aug. 26, 2024, 12:15 p.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nf2fs: fix to cover read extent cache access with lock  \n  \nsyzbot reports a f2fs bug as below:  \n  \nBUG: KASAN: slab-use-after-free in sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46  \nRead of size 4 at addr ffff8880739ab220 by task syz-executor200/5097  \n  \nCPU: 0 PID: 5097 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0  \nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024  \nCall Trace:  \n   \n __dump_stack lib/dump_stack.c:88 [inline]  \n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114  \n print_address_description mm/kasan/report.c:377 [inline]  \n print_report+0x169/0x550 mm/kasan/report.c:488  \n kasan_report+0x143/0x180 mm/kasan/report.c:601  \n sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46  \n do_read_inode fs/f2fs/inode.c:509 [inline]  \n f2fs_iget+0x33e1/0x46e0 fs/f2fs/inode.c:560  \n f2fs_nfs_get_inode+0x74/0x100 fs/f2fs/super.c:3237  \n generic_fh_to_dentry+0x9f/0xf0 fs/libfs.c:1413  \n exportfs_decode_fh_raw+0x152/0x5f0 fs/exportfs/expfs.c:444  \n exportfs_decode_fh+0x3c/0x80 fs/exportfs/expfs.c:584  \n do_handle_to_path fs/fhandle.c:155 [inline]  \n handle_to_path fs/fhandle.c:210 [inline]  \n do_handle_open+0x495/0x650 fs/fhandle.c:226  \n do_syscall_x64 arch/x86/entry/common.c:52 [inline]  \n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83  \n entry_SYSCALL_64_after_hwframe+0x77/0x7f  \n  \nWe missed to cover sanity_check_extent_cache() w/ extent cache lock,  \nso, below race case may happen, result in use after free issue.  \n  \n- f2fs_iget  \n - do_read_inode  \n  - f2fs_init_read_extent_tree  \n  : add largest extent entry in to cache  \n     - shrink  \n      - f2fs_shrink_read_extent_tree  \n       - __shrink_extent_tree  \n        - __detach_extent_node  \n        : drop largest extent entry  \n  - sanity_check_extent_cache  \n  : access et->largest w/o lock  \n  \nlet's refactor sanity_check_extent_cache() to avoid extent cache access  \nand call it before f2fs_init_read_extent_tree() to fix this issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-26T15:23:50.000000Z"}]}