CVE-2024-35784
📋 TL;DR
A deadlock vulnerability exists in the Linux kernel's Btrfs filesystem implementation where the fiemap operation holds extent locks for the entire range while copying data to userspace. This can cause a page fault when userspace memory is accessed, leading to a deadlock situation. Systems using Btrfs filesystems with fiemap operations are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Complete system deadlock requiring hard reboot, causing denial of service and potential data corruption if filesystem operations are interrupted.
Likely Case
System becomes unresponsive when fiemap operations trigger page faults on memory-mapped files, requiring intervention to restore service.
If Mitigated
Limited impact with proper monitoring and restart procedures in place, but still causes service disruption.
🎯 Exploit Status
Requires local access and ability to perform fiemap operations on Btrfs filesystems. The vulnerability is a deadlock condition rather than a traditional privilege escalation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 89bca7fe6382d61e88c67a0b0e7bce315986fb8b, b0ad381fa7690244802aed119b478b4bdafc31dd, ded566b4637f1b6b4c9ba74e7d0b8493e93f19cf
Vendor Advisory: https://git.kernel.org/stable/c/89bca7fe6382d61e88c67a0b0e7bce315986fb8b
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Avoid fiemap operations on Btrfs
Linux: Prevent applications from using fiemap ioctl on Btrfs filesystems
# Monitor for fiemap usage (strace writes to stderr, so redirect it before grep): strace -e trace=ioctl -p <pid> 2>&1 | grep FIEMAP
# Consider using alternative filesystem monitoring tools
Use alternative filesystems
Linux: Consider using ext4, xfs, or other filesystems for critical systems
# Check current filesystem: df -T
# Convert filesystem if possible (requires data migration)
🧯 If You Can't Patch
- Monitor system for deadlock conditions and implement automated restart procedures
- Restrict fiemap operations through SELinux/AppArmor policies or by modifying application behavior
🔍 How to Verify
Check if Vulnerable:
Check if system uses Btrfs and kernel version is vulnerable. Run: df -T | grep btrfs && uname -r
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes the fix commits. Check: uname -r and compare with patched versions from your distribution.
📡 Detection & Monitoring
Log Indicators:
- System becoming unresponsive
- Kernel panic logs
- Processes stuck in D state (uninterruptible sleep)
- High system load with no CPU usage
Network Indicators:
- None - this is a local filesystem issue
SIEM Query:
source="kernel" AND ("deadlock" OR "hung task" OR "D state") AND process="btrfs"
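The "hung task" and D-state indicators above can be checked directly on a host. The following is an added example, not part of the original advisory: it reads kernel log text and reports hung-task entries whose stack trace contains a `[btrfs]` frame. The sample log is constructed for illustration, and the function names `sample_log` and `btrfs_hung_tasks` are hypothetical.

```shell
#!/bin/sh
# CONSTRUCTED sample kernel log for illustration; not taken from a real system.
sample_log() {
cat <<'EOF'
[ 1210.100001] INFO: task backup-agent:4312 blocked for more than 120 seconds.
[ 1210.100009] task:backup-agent    state:D stack:0 pid:4312 ppid:1
[ 1210.100012] Call Trace:
[ 1210.100015]  schedule+0x0/0x0
[ 1210.100018]  lock_extent+0x0/0x0 [btrfs]
[ 1210.100021]  extent_fiemap+0x0/0x0 [btrfs]
[ 1300.200001] INFO: task kworker/u8:2:77 blocked for more than 120 seconds.
[ 1300.200004] Call Trace:
[ 1300.200007]  schedule+0x0/0x0
[ 1300.200010]  nfs_wait_bit_killable+0x0/0x0 [nfs]
[ 1400.300001] EXT4-fs (sda1): mounted filesystem
EOF
}

# Read kernel log text on stdin; print "pid comm seconds" for every hung-task
# report that is followed by at least one [btrfs] stack frame.
btrfs_hung_tasks() {
  awk '
    function emit() {
      if (task != "" && hit) print pid, task, secs
      task = ""; hit = 0
    }
    /INFO: task .* blocked for more than [0-9]+ seconds/ {
      emit()                                   # close the previous report
      s = $0
      sub(/^.*INFO: task /, "", s)             # comm:pid blocked for more than N seconds.
      secs = s
      sub(/^.* more than /, "", secs)
      sub(/ seconds.*$/, "", secs)
      sub(/ blocked for more than .*$/, "", s) # comm:pid
      pid = s;  sub(/^.*:/, "", pid)           # pid is the last colon-separated field
      task = s; sub(/:[0-9]+$/, "", task)      # comm itself may contain colons
      next
    }
    task != "" && /\[btrfs\]/ { hit = 1 }      # a btrfs frame inside the open report
    END { emit() }
  '
}

sample_log | btrfs_hung_tasks
```

On a live system the same function can be fed from `dmesg` or `journalctl -k` instead of the constructed sample.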
🔗 References
- https://git.kernel.org/stable/c/89bca7fe6382d61e88c67a0b0e7bce315986fb8b
- https://git.kernel.org/stable/c/b0ad381fa7690244802aed119b478b4bdafc31dd
- https://git.kernel.org/stable/c/ded566b4637f1b6b4c9ba74e7d0b8493e93f19cf