{"id":"CVE-2024-49983","summary":"ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free","details":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free\n\nWhen calling ext4_force_split_extent_at() in ext4_ext_replay_update_ex(),\nthe 'ppath' is updated but it is the 'path' that is freed, thus potentially\ntriggering a double-free in the following process:\n\next4_ext_replay_update_ex\n  ppath = path\n  ext4_force_split_extent_at(&ppath)\n    ext4_split_extent_at\n      ext4_ext_insert_extent\n        ext4_ext_create_new_leaf\n          ext4_ext_grow_indepth\n            ext4_find_extent\n              if (depth \u003e path[0].p_maxdepth)\n                kfree(path)                 ---\u003e path First freed\n                *orig_path = path = NULL    ---\u003e null ppath\n  kfree(path)                               ---\u003e path double-free !!!\n\nSo drop the unnecessary ppath and use path directly to avoid this problem.\nAnd use ext4_find_extent() directly to update path, avoiding unnecessary\nmemory allocation and freeing. Also, propagate the error returned by\next4_find_extent() instead of using strange error codes.","modified":"2026-03-20T12:39:29.792817Z","published":"2024-10-21T18:02:28.474Z","related":["MGASA-2024-0344","MGASA-2024-0345","SUSE-SU-2024:4314-1","SUSE-SU-2024:4315-1","SUSE-SU-2024:4316-1","SUSE-SU-2024:4318-1","SUSE-SU-2024:4364-1","SUSE-SU-2024:4376-1","SUSE-SU-2024:4387-1","SUSE-SU-2025:20163-1","SUSE-SU-2025:20164-1","SUSE-SU-2025:20246-1","SUSE-SU-2025:20247-1","USN-7276-1","USN-7277-1","openSUSE-SU-2024:14500-1","openSUSE-SU-2025:14705-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49983.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1b558006d98b7b0b730027be0ee98973dd10ee0d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3ff710662e8d86a63a39b334e9ca0cb10e5c14b0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5c0f4cc84d3a601c99bc5e6e6eb1cbda542cce95"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6367d3f04c69e2b8770b8137bd800e0784b0abbc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/63adc9016917e6970fb0104ee5fd6770f02b2d80"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8c26d9e53e5fbacda0732a577e97c5a5b7882aaf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a34bed978364114390162c27e50fca50791c568d"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49983.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49983"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2"},{"fixed":"8c26d9e53e5fbacda0732a577e97c5a5b7882aaf"},{"fixed":"a34bed978364114390162c27e50fca50791c568d"},{"fixed":"6367d3f04c69e2b8770b8137bd800e0784b0abbc"},{"fixed":"1b558006d98b7b0b730027be0ee98973dd10ee0d"},{"fixed":"3ff710662e8d86a63a39b334e9ca0cb10e5c14b0"},{"fixed":"63adc9016917e6970fb0104ee5fd6770f02b2d80"},{"fixed":"5c0f4cc84d3a601c99bc5e6e6eb1cbda542cce95"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49983.json"}}],"schema_version":"1.7.5"}