CVE-2024-26704

ext4: fix double-free of blocks due to wrong extents moved_len

References

Notes

 carnil> Introduced in fcf6b1b729bc ("ext4: refactor ext4_move_extents code base").
 carnil> Vulnerable versions: 3.18-rc2.

Bugs

Status

Branch Status
4.19-buster-security needed
4.19-upstream-stable released (4.19.307) [b4fbb89d722cbb16beaaea234b7230faaaf68c71]
5.10-bullseye-security released (5.10.216-1)
5.10-upstream-stable released (5.10.210) [d033a555d9a1cf53dbf3301af7199cc4a4c8f537]
6.1-bookworm-security released (6.1.82-1)
6.1-upstream-stable released (6.1.79) [185eab30486ba3e7bf8b9c2e049c79a06ffd2bc1]
6.6-upstream-stable released (6.6.18) [2883940b19c38d5884c8626483811acf4d7e148f]
6.8-upstream-stable N/A "Fixed before branching point"
sid released (6.7.7-1)
upstream released (6.8-rc3) [55583e899a5357308274601364741a83e78d6ac4]