CVE-2024-49882

Public on 2024-10-21
Modified on 2025-01-10
Description
In the Linux kernel, the following vulnerability has been resolved:

ext4: fix double brelse() the buffer of the extents path
Severity
Important severity
Important
See what this means
CVSS v3 Base Score
7.8
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 kernel 2025-04-29 ALAS-2025-1973 Fixed
Amazon Linux 2 - Core kernel 2025-04-30 ALAS2-2025-2843 Fixed
Amazon Linux 2 - Kernel-5.10 Extra kernel 2024-10-31 ALAS2KERNEL-5.10-2024-072 Fixed
Amazon Linux 2 - Kernel-5.15 Extra kernel 2024-10-31 ALAS2KERNEL-5.15-2024-056 Fixed
Amazon Linux 2 - Kernel-5.4 Extra kernel 2025-01-24 ALAS2KERNEL-5.4-2025-090 Fixed
Amazon Linux 2023 kernel 2025-01-09 ALAS2023-2025-794 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-4.14.355-275.572 2025-04-29 ALAS2LIVEPATCH-2025-224 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-4.14.355-275.582 2025-04-29 ALAS2LIVEPATCH-2025-227 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-4.14.355-275.591 2025-04-29 ALAS2LIVEPATCH-2025-226 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-4.14.355-275.603 2025-04-29 ALAS2LIVEPATCH-2025-228 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-4.14.355-276.618 2025-04-29 ALAS2LIVEPATCH-2025-225 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2024-49882 Mitre: CVE-2024-49882