{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T01:26:18.731","vulnerabilities":[{"cve":{"id":"CVE-2024-39496","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-07-12T13:15:12.253","lastModified":"2026-01-06T15:07:04.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: fix use-after-free due to race with dev replace\n\nWhile loading a zone's info during creation of a block group, we can race\nwith a device replace operation and then trigger a use-after-free on the\ndevice that was just replaced (source device of the replace operation).\n\nThis happens because at btrfs_load_zone_info() we extract a device from\nthe chunk map into a local variable and then use the device while not\nunder the protection of the device replace rwsem. So if there's a device\nreplace operation happening when we extract the device and that device\nis the source of the replace operation, we will trigger a use-after-free\nif before we finish using the device the replace operation finishes and\nfrees the device.\n\nFix this by enlarging the critical section under the protection of the\ndevice replace rwsem so that all uses of the device are done inside the\ncritical section."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs:zoned: corrige el use-after-free debido a la ejecución con el reemplazo de desarrollo. Mientras cargamos la información de una zona durante la creación de un grupo de bloques, podemos ejecutar una operación de reemplazo de dispositivo y luego activar un use-after-free en el dispositivo que acaba de ser reemplazado (dispositivo fuente de la operación de reemplazo). Esto sucede porque en btrfs_load_zone_info() extraemos un dispositivo del mapa de fragmentos en una variable local y luego usamos el dispositivo mientras no está bajo la protección del dispositivo y reemplazamos rwsem. Entonces, si se produce una operación de reemplazo de dispositivo cuando extraemos el dispositivo y ese dispositivo es la fuente de la operación de reemplazo, activaremos un use-after-free si antes de terminar de usar el dispositivo la operación de reemplazo finaliza y libera el dispositivo. Solucione este problema ampliando la sección crítica bajo la protección del dispositivo y reemplace rwsem para que todos los usos del dispositivo se realicen dentro de la sección crítica."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.12","versionEndExcluding":"6.1.95","matchCriteriaId":"5A8C21E9-F184-4280-95B0-1754A2DEC1EE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.35","matchCriteriaId":"6F019D15-84C0-416B-8C57-7F51B68992F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.9.6","matchCriteriaId":"0ABBBA1D-F79D-4BDB-AA41-D1EDCC4A6975"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0090d6e1b210551e63cf43958dc7a1ec942cdde9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/092571ef9a812566c8f2c9038d9c2a64c49788d6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/17765964703b88d8befd899f8501150bb7e07e43","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a0cc006f4214b87e70983c692e05bb36c59b5752","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0090d6e1b210551e63cf43958dc7a1ec942cdde9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/092571ef9a812566c8f2c9038d9c2a64c49788d6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/17765964703b88d8befd899f8501150bb7e07e43","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a0cc006f4214b87e70983c692e05bb36c59b5752","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}