CVE-2024-26973

5.5 MEDIUM

📋 TL;DR

This vulnerability in the Linux kernel's FAT filesystem driver leaks uninitialized memory when generating file handles without parent directories. It affects systems using the FAT filesystem with nostale filehandles enabled, potentially exposing kernel memory contents to userspace applications. The risk is limited to information disclosure rather than code execution.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE; check kernel commits for exact range
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using FAT filesystem with nostale filehandles; ext4, xfs, and other filesystems are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could obtain sensitive kernel memory contents including cryptographic keys, process information, or other privileged data that could facilitate further attacks.

🟠 Likely Case

Limited information disclosure of random kernel memory contents, potentially revealing system state information but unlikely to directly enable privilege escalation.

🟢 If Mitigated

With proper access controls and filesystem isolation, impact is minimal as only users with filesystem access can trigger the vulnerability.

🌐 Internet-Facing: LOW - Requires local filesystem access; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes with FAT filesystem access could exploit this to gather system information.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Simple file operations can trigger the bug

Exploitation requires local access and ability to interact with FAT filesystem; no authentication bypass needed beyond filesystem permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits: 03a7e3f2ba3ca25f1da1d3898709a08db14c1abb, 74f852654b8b7866f15323685f1e178d3386c688, 9840d1897e28f8733cc1e38f97e044f987dc0a63, a276c595c3a629170b0f052a3724f755d7c6adc6, b7fb63e807c6dadf7ecc1d43448c4f1711d7eeee

Vendor Advisory: https://git.kernel.org/stable/c/03a7e3f2ba3ca25f1da1d3898709a08db14c1abb

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

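Disable FAT filesystem mounting

Prevent mounting of FAT filesystems to avoid exposure. rmmod fails while a FAT filesystem is mounted or while a dependent module such as vfat is loaded, so unmount FAT volumes first. A blacklist entry only stops automatic loading by alias; the module is still loaded when it is requested explicitly or pulled in as a dependency.

# Remove FAT module: rmmod fat
# Blacklist FAT module: echo 'blacklist fat' > /etc/modprobe.d/blacklist-fat.conf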

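Use alternative filesystems

Replace FAT with ext4 or other filesystems for storage. mkfs does not convert in place: it creates a new, empty filesystem and destroys the existing data, so back up the partition contents first.

# Reformat FAT partition as ext4 (erases all data): mkfs.ext4 /dev/sdX1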

🧯 If You Can't Patch

  • Restrict access to FAT filesystems to trusted users only
  • Implement strict filesystem permissions and monitor for unusual file operations

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if FAT filesystem is in use: lsmod | grep fat && uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and check for presence of fix commits in kernel source
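
A scripted form of the "Check if Vulnerable" step, added here as an example and not part of the original advisory: it lists FAT mounts that use nostale file handles and prints the running kernel version. It assumes the kernel reports the option as nfs=nostale_ro in the mount table; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): find FAT mounts that use nostale
# file handles, the configuration the advisory names as affected.
# Assumption: the mount table shows the option as "nfs=nostale_ro".
# A matching line looks like this (constructed sample):
#   /dev/sdb1 /srv/export vfat ro,relatime,nfs=nostale_ro 0 0

# fat_nostale_mounts [MOUNTS_FILE]
# Prints "<device> <mountpoint>" for every vfat/msdos mount whose option
# list contains nfs=nostale_ro. Reads /proc/mounts when no file is given.
fat_nostale_mounts() {
    mounts_file="${1:-/proc/mounts}"
    awk '
        ($3 == "vfat" || $3 == "msdos") {
            # Compare whole options so nfs=stale_rw is not matched by accident.
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "nfs=nostale_ro") { print $1, $2; break }
        }
    ' "$mounts_file"
}

# fat_exposure_report [MOUNTS_FILE]
# Prints the running kernel version and any matching mounts.
# Returns 0 when no nostale FAT mount is present, 1 otherwise.
fat_exposure_report() {
    hits="$(fat_nostale_mounts "$1")"
    echo "kernel: $(uname -r)"
    if [ -z "$hits" ]; then
        echo "no FAT mount uses nfs=nostale_ro"
        return 0
    fi
    echo "FAT mounts using nostale file handles:"
    echo "$hits" | sed 's/^/  /'
    return 1
}
```

Calling fat_exposure_report with no argument inspects the live mount table; a non-zero return means the kernel version it prints should be compared against your distribution's fixed release.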

📡 Detection & Monitoring

Log Indicators:

  • Unusual file handle operations on FAT filesystems
  • Kernel warnings about uninitialized memory

Network Indicators:

  • None - local vulnerability only

SIEM Query:

process.name="kernel" AND (event.category="memory" OR event.category="filesystem") AND filesystem.type="fat"
