A flaw found in the Linux Kernel. For the Ext4 file system if overlay FS being used, use after free could happen as result of the race condition. The bug actual if patch 9a2544037600 not applied yet. Example for triggering in a overlay on ext4 setup: aio_read ovl_read_iter vfs_iter_read ext4_file_read_iter ext4_dio_read_iter iomap_dio_rw -> -EIOCBQUEUED /* * Here IO is completed in a separate thread, * ovl_aio_cleanup_handler() frees aio_req which has iocb embedded */ file_accessed(iocb->ki_filp); /**BOOM**/ Reference: https://lore.kernel.org/lkml/20211115165433.449951285@linuxfoundation.org/
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2176141]
This was fixed for Fedora with the 5.14.19 stable kernel updates.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2023:6583
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:6901
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2023:7077
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0724
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:8107 https://access.redhat.com/errata/RHSA-2024:8107
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:8614 https://access.redhat.com/errata/RHSA-2024:8614
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:8613 https://access.redhat.com/errata/RHSA-2024:8613