CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-49956: gfs2: fix double destroy_workqueue error

Description

In the Linux kernel, the following vulnerability has been resolved:

gfs2: fix double destroy_workqueue error

When gfs2_fill_super() fails, destroy_workqueue() is called within
gfs2_gl_hash_clear(), and the subsequent code path calls
destroy_workqueue() on the same work queue again.

This issue can be fixed by setting the work queue pointer to NULL after
the first destroy_workqueue() call and checking for a NULL pointer
before attempting to destroy the work queue again.

Classification

CVE ID: CVE-2024-49956

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 6.2% (scored less or equal to compared to others)

EPSS Date: 2025-06-02 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-49956
https://git.kernel.org/stable/c/a5336035728d77efd76306940d742a6f23debe68
https://git.kernel.org/stable/c/6cb9df81a2c462b89d2f9611009ab43ae8717841

Timeline

2025-03-06 09:45:38 UTC
Tenable Plugins

Linux Distros Unpatched Vulnerability : CVE-2024-49956
2025-05-04 10:40:20 UTC
CVE

gfs2: fix double destroy_workqueue error