Linux Kernel up to 6.6.20/6.7/6.7.8 cachestat use after free

Summaryinfo

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.6.20/6.7/6.7.8. This impacts an unknown function of the component cachestat. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-26630. No exploit exists. You should upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.6.20/6.7/6.7.8 (Operating System). This issue affects some unknown functionality of the component cachestat. The manipulation with an unknown input leads to a use after free vulnerability. Using CWE to declare the problem leads to CWE-416. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. The impact remains unknown. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix folio read-after-free in cache walk In cachestat, we access the folio from the page cache's xarray to compute its page offset, and check for its dirty and writeback flags. However, we do not hold a reference to the folio before performing these actions, which means the folio can concurrently be released and reused as another folio/page/slab. Get around this altogether by just using xarray's existing machinery for the folio page offsets and dirty/writeback states. This changes behavior for tmpfs files to now always report zeroes in their dirty and writeback counters. This is okay as tmpfs doesn't follow conventional writeback cache behavior: its pages get "cleaned" during swapout, after which they're no longer resident etc.

The weakness was disclosed 03/13/2024. It is possible to read the advisory at git.kernel.org. The identification of this vulnerability is CVE-2024-26630 since 02/19/2024. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 12/04/2025).

Upgrading to version 6.6.21, 6.7.9 or 6.8 eliminates this vulnerability. Applying the patch ba60fdf75e89/fe7e008e0ce7/3a75cb05d53f is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the vulnerability database at CERT Bund (WID-SEC-2025-1293). Be aware that VulDB is the high quality source for vulnerability data.

Affected

• Ubuntu Linux
• IBM DataPower Gateway

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 6.0
• 6.1
• 6.2
• 6.3
• 6.4
• 6.5
• 6.6
• 6.6.0
• 6.6.1
• 6.6.2
• 6.6.3
• 6.6.4
• 6.6.5
• 6.6.6
• 6.6.7
• 6.6.8
• 6.6.9
• 6.6.10
• 6.6.11
• 6.6.12
• 6.6.13
• 6.6.14
• 6.6.15
• 6.6.16
• 6.6.17
• 6.6.18
• 6.6.19
• 6.6.20
• 6.7
• 6.7.0
• 6.7.1
• 6.7.2
• 6.7.3
• 6.7.4
• 6.7.5
• 6.7.6
• 6.7.7
• 6.7.8

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion