A use-after-free problem was found when a disk is removed, bdi_unregister gets called to stop further writeback and wait for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation dwork after this has completed, which can result in the timer attempting to access the just freed bdi_writeback. Refer: https://patchwork.kernel.org/project/linux-mm/patch/20220801155034.3772543-1-khazhy@google.com/
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0412 https://access.redhat.com/errata/RHSA-2024:0412
This comment was flagged a spam, view the edit history to see the original text if required.
Why are you raising CVEs for issues that were fixed and backported 18 months ago? This is wasting a lot of people's precious time.
In reply to comment #7: > Why are you raising CVEs for issues that were fixed and backported 18 months > ago? > > This is wasting a lot of people's precious time. This one is for backport to older versions of Red Hat Linux, because original request was: "reported experiencing a UAF in RHEL8.6." (and it is not actual for version 8.8 and later, because the patch already applied there at the moment of this report).