CVE-2024-26704: ext4: fix double-free of blocks due to wrong extents moved_len

Published Apr 3, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix double-free of blocks due to wrong extents movedlen

In ext4moveextents(), movedlen is only updated when all moves are successfully executed, and only discards originode and donorinode preallocations when movedlen is not zero. When the loop fails to exit after successfully moving some extents, movedlen is not updated and remains at 0, so it does not discard the preallocations.

If the moved extents overlap with the preallocated extents, the overlapped extents are freed twice in ext4mbreleaseinodepa() and ext4processfreeddata() (as described in commit 94d7c16cbbbd ("ext4: Fix double-free of blocks with EXT4IOCMOVEEXT")), and bbfree is incremented twice. Hence when trim is executed, a zero-division bug is triggered in mbupdateavgfragmentsize() because bbfree is not zero and bbfragments is zero.

Therefore, update movelen after each extent move to avoid the issue.

Other sources

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix double-free of blocks due to wrong extents movedlen

The Linux kernel CVE team has assigned CVE-2024-26704 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024040340-CVE-2024-26704-a082@gregkh/T

Red Hat

Affected Software

23 affected componentsFixes available
redhat/kernel<4.19.307
4.19.307
redhat/kernel<5.4.269
5.4.269
redhat/kernel<5.10.210
5.10.210
redhat/kernel<5.15.149
5.15.149
redhat/kernel<6.1.79
6.1.79
redhat/kernel<6.6.18
6.6.18
redhat/kernel<6.7.6
6.7.6
redhat/kernel<6.8
6.8
Linux Linux kernel>=3.18<4.19.307
Linux Linux kernel>=4.20<5.4.269
Linux Linux kernel>=5.5<5.10.210
Linux Linux kernel>=5.11<5.15.149
Linux Linux kernel>=5.16<6.1.79
Linux Linux kernel>=6.2<6.6.18
Linux Linux kernel>=6.7<6.7.6
Linux Linux kernel=6.8-rc1
Linux Linux kernel=6.8-rc2
Debian Debian Linux=10.0
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
debian/linux
5.10.223-15.10.234-16.1.129-16.1.135-16.12.27-1

Remediation

Patch Available

https://git.kernel.org/stable/c/185eab30486ba3e7bf8b9c2e049c79a06ffd2bc1

Patch Available

https://git.kernel.org/stable/c/2883940b19c38d5884c8626483811acf4d7e148f

Patch Available

https://git.kernel.org/stable/c/55583e899a5357308274601364741a83e78d6ac4

Patch Available

https://git.kernel.org/stable/c/559ddacb90da1d8786dd8ec4fd76bbfa404eaef6

Patch Available

https://git.kernel.org/stable/c/afba9d11320dad5ce222ac8964caf64b7b4bedb1

Patch Available

https://git.kernel.org/stable/c/afbcad9ae7d6d11608399188f03a837451b6b3a1

Patch Available

https://git.kernel.org/stable/c/b4fbb89d722cbb16beaaea234b7230faaaf68c71

Patch Available

https://git.kernel.org/stable/c/d033a555d9a1cf53dbf3301af7199cc4a4c8f537

Event History

Apr 3, 2024
CVE Published
via MITRE·02:55 PM
Data Sourced
via MITRE·02:55 PM
Description
Data Sourced
via Red Hat·11:43 PM
DescriptionSeverityAffected Software
May 7, 2024
Data Sourced
via Launchpad·08:28 PM
Description
May 7, 2025
Data Sourced
via Ubuntu·06:14 AM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-26704?

CVE-2024-26704 is considered a moderate severity vulnerability due to its potential impact on system stability.

2

How do I fix CVE-2024-26704?

To mitigate CVE-2024-26704, update your Linux kernel to one of the patched versions listed, such as 4.19.307 or 5.4.269.

3

Which Linux kernel versions are affected by CVE-2024-26704?

CVE-2024-26704 affects multiple Linux kernel versions, specifically those prior to 4.19.307, 5.4.269, 5.10.210, 5.15.149, 6.1.79, and others.

4

What is the specific issue described in CVE-2024-26704?

CVE-2024-26704 involves a double-free of blocks in the ext4 file system due to incorrect management of moved_len in ext4_move_extents function.

5

Is my system vulnerable to CVE-2024-26704 if it's running an affected Linux kernel?

Yes, if your system is running an affected version of the Linux kernel that has not been updated, it is vulnerable to CVE-2024-26704.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203