Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-9zwa-j9s1-u7f7
Vulnerability ID VCID-9zwa-j9s1-u7f7
Aliases CVE-2024-44941
Summary In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to cover read extent cache access with lock syzbot reports a f2fs bug as below: BUG: KASAN: slab-use-after-free in sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46 Read of size 4 at addr ffff8880739ab220 by task syz-executor200/5097 CPU: 0 PID: 5097 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46 do_read_inode fs/f2fs/inode.c:509 [inline] f2fs_iget+0x33e1/0x46e0 fs/f2fs/inode.c:560 f2fs_nfs_get_inode+0x74/0x100 fs/f2fs/super.c:3237 generic_fh_to_dentry+0x9f/0xf0 fs/libfs.c:1413 exportfs_decode_fh_raw+0x152/0x5f0 fs/exportfs/expfs.c:444 exportfs_decode_fh+0x3c/0x80 fs/exportfs/expfs.c:584 do_handle_to_path fs/fhandle.c:155 [inline] handle_to_path fs/fhandle.c:210 [inline] do_handle_open+0x495/0x650 fs/fhandle.c:226 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f We missed to cover sanity_check_extent_cache() w/ extent cache lock, so, below race case may happen, result in use after free issue. - f2fs_iget - do_read_inode - f2fs_init_read_extent_tree : add largest extent entry in to cache - shrink - f2fs_shrink_read_extent_tree - __shrink_extent_tree - __detach_extent_node : drop largest extent entry - sanity_check_extent_cache : access et->largest w/o lock let's refactor sanity_check_extent_cache() to avoid extent cache access and call it before f2fs_init_read_extent_tree() to fix this issue.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 7.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-44941.json
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2024-44941
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2024-44941
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2024-44941
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2024-44941
cvssv3.1 6.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc Track https://git.kernel.org/stable/c/263df78166d3a9609b97d28c34029bd01874cbb8
ssvc Track https://git.kernel.org/stable/c/323ef20b5558b9d9fd10c1224327af6f11a8177d
ssvc Track https://git.kernel.org/stable/c/d7409b05a64f212735f0d33f5f1602051a886eab
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-44941.json
https://api.first.org/data/v1/epss?cve=CVE-2024-44941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44941
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2307900 https://bugzilla.redhat.com/show_bug.cgi?id=2307900
263df78166d3a9609b97d28c34029bd01874cbb8 https://git.kernel.org/stable/c/263df78166d3a9609b97d28c34029bd01874cbb8
323ef20b5558b9d9fd10c1224327af6f11a8177d https://git.kernel.org/stable/c/323ef20b5558b9d9fd10c1224327af6f11a8177d
d7409b05a64f212735f0d33f5f1602051a886eab https://git.kernel.org/stable/c/d7409b05a64f212735f0d33f5f1602051a886eab
USN-7154-1 https://usn.ubuntu.com/7154-1/
USN-7154-2 https://usn.ubuntu.com/7154-2/
USN-7155-1 https://usn.ubuntu.com/7155-1/
USN-7156-1 https://usn.ubuntu.com/7156-1/
USN-7196-1 https://usn.ubuntu.com/7196-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-44941.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:27:29Z/ Found at https://git.kernel.org/stable/c/263df78166d3a9609b97d28c34029bd01874cbb8
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:27:29Z/ Found at https://git.kernel.org/stable/c/323ef20b5558b9d9fd10c1224327af6f11a8177d
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:27:29Z/ Found at https://git.kernel.org/stable/c/d7409b05a64f212735f0d33f5f1602051a886eab
Exploit Prediction Scoring System (EPSS)
Percentile 0.1331
EPSS Score 0.00042
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:51:23.622679+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0