CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-41149: block: avoid to reuse `hctx` not removed from cpuhp callback list

Description

In the Linux kernel, the following vulnerability has been resolved:

block: avoid to reuse `hctx` not removed from cpuhp callback list

If the 'hctx' isn't removed from cpuhp callback list, we can't reuse it,
otherwise use-after-free may be triggered.

Classification

CVE ID: CVE-2024-41149

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.82% (scored less or equal to compared to others)

EPSS Date: 2025-02-09 (when was this score calculated)

References

https://git.kernel.org/stable/c/ee18012c80155f6809522804099621070c69ec72
https://git.kernel.org/stable/c/b5792c162dcf6197bf3d2de2be6c8169435b73d0
https://git.kernel.org/stable/c/85672ca9ceeaa1dcf2777a7048af5f4aee3fd02b

Timeline