CVE-2024-47706

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible UAF for bfqq-bic with merge chain 1 initial state, three tasks: Process 1 Process 2 Process 3 BIC1 BIC2 BIC3 | Λ | Λ | Λ | | | | | | V | V | V | bfqq1 bfqq2 bfqq3 process ref: 1 1 1 2 bfqq1 merged to bfqq...

CVE-2024-47706

Markdown: CVE-2024-47706 is tied to a Linux kernel issue in the bfq/I/O scheduler where an UAF could occur when bfqq structures are merged across BICs (bfqq1 → bfqq2 → bfqq3). The connected Astra Linux bulletin reproduces the scenario: on insert, a bfqq handle is obtained from the merge chain, bu...