{"id":"CVE-2024-0562","details":"A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_writeback.","modified":"2026-03-13T07:51:00.778444Z","published":"2024-01-15T19:15:08.120Z","references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0412"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2024-0562"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2258475"},{"type":"FIX","url":"https://patchwork.kernel.org/project/linux-mm/patch/20220801155034.3772543-1-khazhy@google.com/"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-0562.json","unresolved_ranges":[{"events":[{"introduced":"5.15"},{"fixed":"5.15.164"}]},{"events":[{"introduced":"5.16"},{"fixed":"5.19.6"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}