CVE-2024-49983

Severity (CVSS v4.0): Pending analysis
Type: CWE-415 Double Free
Publication date: 21/10/2024
Last modified: 03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free

When calling ext4_force_split_extent_at() in ext4_ext_replay_update_ex(),
the 'ppath' is updated but it is the 'path' that is freed, thus potentially
triggering a double-free in the following process:

    ext4_ext_replay_update_ex
      ppath = path
      ext4_force_split_extent_at(&ppath)
        ext4_split_extent_at
          ext4_ext_insert_extent
            ext4_ext_create_new_leaf
              ext4_ext_grow_indepth
                ext4_find_extent
                  if (depth > path[0].p_maxdepth)
                    kfree(path)               ---> path first freed
                    *orig_path = path = NULL  ---> null ppath
      kfree(path)                             ---> path double-free !!!

So drop the unnecessary ppath and use path directly to avoid this problem.
And use ext4_find_extent() directly to update path, avoiding unnecessary
memory allocation and freeing. Also, propagate the error returned by
ext4_find_extent() instead of using strange error codes.

Vulnerable products and versions

CPE                                            From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.10 (including)  5.10.227 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.11 (including)  5.15.168 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.16 (including)  6.1.113 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.2 (including)   6.6.55 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.7 (including)   6.10.14 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.11 (including)  6.11.3 (excluding)