CVE-2024-53166 in Linux정보

요약

\~에 의해 VulDB • 2026. 05. 11.

리눅스 커널에서 다음 취약점이 해결되었습니다:

block, bfq: bfq_limit_depth()에서 bfqq의 UAF(Use-After-Free) 수정

새로 할당된 bfqq를 bic에 할당하거나 해제된 bfqq를 bic에서 제거하는 작업은 모두 bfqd->lock에 의해 보호되지만, bfq_limit_depth()는 락 없이 bic에서 bfqq를 역참조합니다. 이로 인해 io_context가 여러 작업(task)에 의해 공유될 경우 UAF가 발생할 수 있습니다.

예를 들어, io_uring와 함께 bfq를 테스트하면 v6.6에서 다음과 같은 UAF를 트리거할 수 있습니다:

================================================================== BUG: KASAN: slab-use-after-free in bfqq_group+0x15/0x50

Call Trace: dump_stack_lvl+0x47/0x80 print_address_description.constprop.0+0x66/0x300 print_report+0x3e/0x70 kasan_report+0xb4/0xf0 bfqq_group+0x15/0x50 bfqq_request_over_limit+0x130/0x9a0 bfq_limit_depth+0x1b5/0x480 __blk_mq_alloc_requests+0x2b5/0xa00 blk_mq_get_new_requests+0x11d/0x1d0 blk_mq_alloc_requests+0x100/0x180 blk_mq_submit_bio+0x103/0xb00 submit_bio_noacct_nocheck+0x331/0x400 __blkdev_direct_IO_async+0x2dd/0x330 blkdev_write_iter+0x39a/0x450 io_write+0x22a/0x840 io_issue_sqe+0x87/0x300 io_wq_submit_work+0xeb/0x390 io_worker_handle_work+0x24d/0x550 io_wq_worker+0x27f/0x6c0 ret_from_fork+0x2d/0x50 ret_from_fork_asm+0x1b/0x30

Freed by task 808589: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_save_free_info+0x27/0x40 __kasan_slab_free+0x126/0x1b0 kmem_cache_free+0x10c/0x750 bfq_put_queue+0x2dd/0x770 __bfq_insert_request.isra.0+0x155/0x7a0 bfq_insert_request.isra.0+0x122/0x480 bfq_insert_requests+0x156/0x180 blk_mq_dispatch_plug_list+0x528/0x7e0 blk_mq_flush_plug_list.part.0+0xe5/0x590 __blk_flush_plug+0x3b/0x90 blk_finish_plug+0x40/0x60 do_writepages+0x19d/0x310 filemap_fdatawrite_wbc+0x95/0xc0 __filemap_fdatawrite_range+0x99/0xd0 filemap_write_and_wait_range.part.0+0x4d/0xa0 blkdev_read_iter+0xef/0x1e0 io_read+0x1b6/0x8a0 io_issue_sqe+0x87/0x300 io_wq_submit_work+0xeb/0x390 io_worker_handle_work+0x24d/0x550 io_wq_worker+0x27f/0x6c0 ret_from_fork+0x2d/0x50 ret_from_fork_asm+0x1b/0x30

Fix the problem by protecting bic_to_bfqq() with bfqd->lock.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

Linux

예약하다

2024. 11. 19.

모더레이션

수락

항목

VDB-289416

EPSS

0.00009

KEV

아니요

활동

매우 낮음

부문

Industry, Government, ...

출처

MITREhttps://www.cve.org/CVERecord?id=CVE-2024-53166
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2024-53166
CVE Detailshttps://www.cvedetails.com/cve/CVE-2024-53166/

이전개요다음

Do you want to use VulDB in your project?

Use the official API to access entries easily!