{"vulnerability": "CVE-2024-56672", "sightings": [{"uuid": "b436f25d-a5d8-4c5a-9352-ccf2fae7fe05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56672", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lecc2z3o352f", "content": "", "creation_timestamp": "2024-12-27T15:21:01.766668Z"}, {"uuid": "476ea8d4-294a-48b6-871f-4482d3c4e030", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56672", "type": "seen", "source": "https://t.me/cvedetector/13761", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-56672 - QEMU Linux Kernel UAF in blk-cgroup\", \n  \"Content\": \"CVE ID : CVE-2024-56672 \nPublished : Dec. 27, 2024, 3:15 p.m. | 32\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nblk-cgroup: Fix UAF in blkcg_unpin_online()  \n  \nblkcg_unpin_online() walks up the blkcg hierarchy putting the online pin. 
To  \nwalk up, it uses blkcg_parent(blkcg) but it was calling that after  \nblkcg_destroy_blkgs(blkcg) which could free the blkcg, leading to the  \nfollowing UAF:  \n  \n  ==================================================================  \n  BUG: KASAN: slab-use-after-free in blkcg_unpin_online+0x15a/0x270  \n  Read of size 8 at addr ffff8881057678c0 by task kworker/9:1/117  \n  \n  CPU: 9 UID: 0 PID: 117 Comm: kworker/9:1 Not tainted 6.13.0-rc1-work-00182-gb8f52214c61a-dirty #48  \n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS unknown 02/02/2022  \n  Workqueue: cgwb_release cgwb_release_workfn  \n  Call Trace:  \n     \n   dump_stack_lvl+0x27/0x80  \n   print_report+0x151/0x710  \n   kasan_report+0xc0/0x100  \n   blkcg_unpin_online+0x15a/0x270  \n   cgwb_release_workfn+0x194/0x480  \n   process_scheduled_works+0x71b/0xe20  \n   worker_thread+0x82a/0xbd0  \n   kthread+0x242/0x2c0  \n   ret_from_fork+0x33/0x70  \n   ret_from_fork_asm+0x1a/0x30  \n     \n  ...  \n  Freed by task 1944:  \n   kasan_save_track+0x2b/0x70  \n   kasan_save_free_info+0x3c/0x50  \n   __kasan_slab_free+0x33/0x50  \n   kfree+0x10c/0x330  \n   css_free_rwork_fn+0xe6/0xb30  \n   process_scheduled_works+0x71b/0xe20  \n   worker_thread+0x82a/0xbd0  \n   kthread+0x242/0x2c0  \n   ret_from_fork+0x33/0x70  \n   ret_from_fork_asm+0x1a/0x30  \n  \nNote that the UAF is not easy to trigger as the free path is indirected  \nbehind a couple RCU grace periods and a work item execution. I could only  \ntrigger it with artificial msleep() injected in blkcg_unpin_online().  \n  \nFix it by reading the parent pointer before destroying the blkcg's blkg's. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-27T16:50:49.000000Z"}, {"uuid": "a14bd028-ebd8-4fb4-922e-5986ef7dd5eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56672", "type": "seen", "source": "https://gist.github.com/webmutation/894dd1a9a17615b7469198bb18bc3a16", "content": "", "creation_timestamp": "2025-04-12T00:10:16.000000Z"}]}