CVE-2024-49956

Summary

In the Linux kernel, the following vulnerability has been resolved:

gfs2: fix double destroy_workqueue error

When gfs2_fill_super() fails, destroy_workqueue() is called within gfs2_gl_hash_clear(), and the subsequent code path calls destroy_workqueue() on the same work queue again.

This issue can be fixed by setting the work queue pointer to NULL after the first destroy_workqueue() call and checking for a NULL pointer before attempting to destroy the work queue again.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux30e388d573673474cbd089dec83688331c117add < a5336035728d77efd76306940d742a6f23debe68affected
LinuxLinux30e388d573673474cbd089dec83688331c117add < 6cb9df81a2c462b89d2f9611009ab43ae8717841affected
LinuxLinux6.11affected
LinuxLinux0 < 6.11unaffected
LinuxLinux6.11.3 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References