CVE-2024-49854

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's BFQ I/O scheduler. An attacker with local access can trigger memory corruption by exploiting improper handling of waker_bfqq pointers after queue splitting, potentially leading to privilege escalation or system crashes. All Linux systems using the BFQ scheduler are affected.

💻 Affected Systems

Products:
  • Linux kernel with BFQ I/O scheduler enabled
Versions: Kernel versions containing the vulnerable code from commit 42c306ed7233 until patched versions
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if BFQ scheduler is enabled (not default on most distributions). Check if BFQ is in use via 'cat /sys/block/*/queue/scheduler'; the active scheduler for each device is the entry shown in square brackets.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation to root, complete system compromise, or kernel panic causing denial of service.

🟠 Likely Case: Kernel panic leading to system crash and denial of service, or privilege escalation to gain elevated permissions.

🟢 If Mitigated: Limited impact if proper access controls restrict local user privileges and system hardening is implemented.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system.
🏢 Internal Only: HIGH - Any user with local shell access could potentially exploit this to gain root privileges or crash the system.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of kernel exploitation techniques. No public exploit code identified at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in kernel commits: 0780451f03bf, 0b8bda0ff171, 1ba0403ac644, 63a07379fdb6, cae58d19121a

Vendor Advisory: https://git.kernel.org/stable/c/0780451f03bf518bc032a7c584de8f92e2d39d7f

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

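Disable BFQ scheduler (Linux)

Switch the affected device to an alternative I/O scheduler to avoid the vulnerable code path. CFQ and the legacy deadline scheduler were removed in Linux 5.0, so on multi-queue kernels choose one of the schedulers the device itself lists, such as mq-deadline. The setting does not persist across reboots.

echo mq-deadline > /sys/block/[DEVICE]/queue/scheduler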

🧯 If You Can't Patch

  • Restrict local user access and implement strict privilege separation
  • Monitor system logs for kernel panics or unusual behavior indicating exploitation attempts

🔍 How to Verify

Check if Vulnerable:

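Check the kernel version and whether BFQ is the active scheduler on any device (the active scheduler is the entry in square brackets, so match '[bfq]' rather than any mention of bfq): 'uname -r' and 'grep -HF "[bfq]" /sys/block/*/queue/scheduler'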
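
The check above as a script that separates "BFQ is active" from "BFQ is merely available" and names a fallback scheduler the device actually offers. This is an added example, not code from the advisory or the kernel project; the script name check_bfq.sh, the optional root argument and the fallback preference order are assumptions of the example.

```shell
#!/bin/sh
# Added example: find block devices whose *active* scheduler is BFQ.
# The optional root argument is an assumption so the logic can be run
# against a constructed directory tree as well as the real /sys/block.

# Print the bracketed (active) entry of a scheduler file's content,
# e.g. "mq-deadline kyber [bfq] none" -> "bfq".
active_scheduler() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([^]]*\)].*/\1/p'
}

# List devices under $1 (default /sys/block) that are currently on bfq.
bfq_devices() {
    root=${1:-/sys/block}
    for f in "$root"/*/queue/scheduler; do
        [ -r "$f" ] || continue          # unmatched glob or unreadable file
        if [ "$(active_scheduler "$(cat "$f")")" = "bfq" ]; then
            dev=${f#"$root"/}
            printf '%s\n' "${dev%%/*}"
        fi
    done
}

# Pick a fallback the kernel actually offers for this device.
# Returns non-zero if bfq is the only scheduler listed.
fallback_for() {
    offered=" $(printf '%s' "$1" | tr -d '[]') "
    for cand in mq-deadline kyber none; do
        case "$offered" in
            *" $cand "*) printf '%s\n' "$cand"; return 0 ;;
        esac
    done
    return 1
}

# Report mode (hypothetical file name): sh check_bfq.sh --report
if [ "${1:-}" = "--report" ]; then
    for d in $(bfq_devices); do
        alt=$(fallback_for "$(cat "/sys/block/$d/queue/scheduler")") || alt="(none offered)"
        echo "$d: bfq active; fallback available: $alt"
    done
fi
```

An empty report means no device is currently scheduled by BFQ, even if bfq appears in the list of available schedulers.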

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits and test with kernel module that would trigger the UAF condition

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • OOM killer activity related to BFQ processes
  • System crashes or unexpected reboots

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "general protection fault") AND process="bfq"
