{"id":"CVE-2024-49960","summary":"ext4: fix timer use-after-free on failed mount","details":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix timer use-after-free on failed mount\n\nSyzbot has found an ODEBUG bug in ext4_fill_super\n\nThe del_timer_sync function cancels the s_err_report timer,\nwhich reminds about filesystem errors daily. We should\nguarantee the timer is no longer active before kfree(sbi).\n\nWhen filesystem mounting fails, the flow goes to failed_mount3,\nwhere an error occurs when ext4_stop_mmpd is called, causing\na read I/O failure. This triggers the ext4_handle_error function\nthat ultimately re-arms the timer,\nleaving the s_err_report timer active before kfree(sbi) is called.\n\nFix the issue by canceling the s_err_report timer after calling ext4_stop_mmpd.","modified":"2026-03-20T12:38:12.038523Z","published":"2024-10-21T18:02:13.119Z","related":["MGASA-2024-0344","MGASA-2024-0345","SUSE-SU-2024:3983-1","SUSE-SU-2024:3984-1","SUSE-SU-2024:3985-1","SUSE-SU-2024:3986-1","SUSE-SU-2024:4082-1","SUSE-SU-2024:4131-1","SUSE-SU-2024:4318-1","SUSE-SU-2024:4364-1","SUSE-SU-2024:4387-1","SUSE-SU-2025:20163-1","SUSE-SU-2025:20164-1","SUSE-SU-2025:20246-1","SUSE-SU-2025:20247-1","USN-7276-1","USN-7277-1","openSUSE-SU-2024:14500-1","openSUSE-SU-2025:14705-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49960.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0ce160c5bdb67081a62293028dc85758a8efb22a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/22e9b83f0f33bc5a7a3181769d1dccbf021f5b04"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7aac0c17a8cdf4a3236991c1e60435c6a984076c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9203817ba46ebba7c865c8de2aba399537b6e891"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b85569585d0154d4db1e4f9e3e6a4731d407feb0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cf3196e5e2f36cd80dab91ffae402e13935724bc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fa78fb51d396f4f2f80f8e96a3b1516f394258be"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49960.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49960"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"5e4f5138bd8522ebe231a137682d3857209a2c07"},{"fixed":"7aac0c17a8cdf4a3236991c1e60435c6a984076c"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"618f003199c6188e01472b03cdbba227f1dc5f24"},{"fixed":"22e9b83f0f33bc5a7a3181769d1dccbf021f5b04"},{"fixed":"cf3196e5e2f36cd80dab91ffae402e13935724bc"},{"fixed":"9203817ba46ebba7c865c8de2aba399537b6e891"},{"fixed":"fa78fb51d396f4f2f80f8e96a3b1516f394258be"},{"fixed":"b85569585d0154d4db1e4f9e3e6a4731d407feb0"},{"fixed":"0ce160c5bdb67081a62293028dc85758a8efb22a"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"cecfdb9cf9a700d1037066173abac0617f6788df"},{"last_affected":"eb7b40d9d3785f7a131fb0b1f89bb6efa46c1833"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49960.json"}}],"schema_version":"1.7.5"}