oss-sec mailing list archives
Re: CVE-2024-50217: Linux kernel: btrfs: Use-after-free of block device file in __btrfs_free_extra_devids()
From: Greg KH <gregkh () linuxfoundation org>
Date: Thu, 10 Apr 2025 15:31:03 +0200
On Thu, Apr 10, 2025 at 12:22:46PM +0000, akendo () akendo eu wrote:
> Hey everyone,
>
> Not too sure how or whom to ask about: But I saw that there is CVE-2024-50217 that affects every kernel since 4.8. However, it is only fixed on more recent versions of the Linux kernel like 6.11 or 6.12. Any reason this wasn't backported to older kernel versions?

That's usually because no one has taken the time to do so. Same for the thousands of other "unfixed" CVEs in older stable kernel trees. As an example, for the latest 5.4.y stable kernel release, I see that there are currently 1110 unfixed CVEs as of right now.

Feel free to send backports to the stable () vger kernel org mailing list if you wish to see specific commits applied to older stable kernel releases.

thanks,

greg k-h
