Linux Kernel OCFS2 Slab-Use-After-Free Vulnerability in Quota Management

Vulnerability

A slab-use-after-free vulnerability has been identified in the Linux kernel's OCFS2 file system. This issue arises when OCFS2 is mounted and then remounted as read-only. During this process, a dangling pointer, dqi_priv, is created after a syscall to quota_getnextquota is used. The pointer is freed during the remounting but not set to null, leading to unauthorized access. Additionally, the read-only remounting applies the DQUOT_SUSPENDED flag instead of the DQUOT_USAGE_ENABLED flag, causing further complications in quota management.

Impact

Exploitation of this vulnerability can lead to use-after-free conditions, potentially allowing for arbitrary code execution or memory corruption.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel OCFS2 Slab-Use-After-Free Vulnerability in Quota Management

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating