CVE-2024-35807

5.5 MEDIUM

📋 TL;DR

A corruption vulnerability in the Linux kernel's ext4 filesystem occurs during online resize operations on filesystems larger than 16 TiB with 4k block size. The issue causes data corruption when resizing across meta block group boundaries, potentially affecting any system using ext4 filesystems with specific configurations. This affects Linux systems performing online filesystem resizes.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions with vulnerable ext4 implementation (check git commits for exact versions)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only affects ext4 filesystems larger than 16 TiB with 4k block size where resize_inode is disabled, or smaller filesystems with resize_inode explicitly disabled during mke2fs.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Critical data corruption leading to filesystem corruption, data loss, and potential system instability requiring filesystem repair or restoration from backups.

🟠 Likely Case

Data corruption in files located across meta block group boundaries during online resize operations, resulting in file integrity issues.

🟢 If Mitigated

No impact if filesystem resizes are avoided or performed offline with proper backups.

🌐 Internet-Facing: LOW - This vulnerability requires local filesystem access and specific resize operations.
🏢 Internal Only: MEDIUM - Internal systems performing online filesystem resizes on vulnerable configurations could experience data corruption.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

The provided reproduction steps demonstrate the issue, but this is a corruption bug rather than a traditional security exploit. Requires filesystem resize privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 239c669edb2bffa1aa2612519b1d438ab35d6be6, 37b6a3ba793bbbae057f5b991970ebcc52cb3db5, 722d2c01b8b108f8283d1b7222209d5b2a5aa7bd, 75cc31c2e7193b69f5d25650bda5bb42ed92f8a1, a6b3bfe176e8a5b05ec4447404e412c2a3fc92cc

Vendor Advisory: https://git.kernel.org/stable/c/239c669edb2bffa1aa2612519b1d438ab35d6be6

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution.
2. Reboot system to load new kernel.
3. Verify kernel version matches patched release.

🔧 Temporary Workarounds

Avoid online resize operations

linux

Perform filesystem resizes offline or avoid resizing vulnerable ext4 configurations

Enable resize_inode feature

linux

Ensure resize_inode feature is enabled when creating ext4 filesystems

/sbin/mke2fs -t ext4 -b 4096 -O resize_inode /dev/device size

🧯 If You Can't Patch

  • Avoid performing online resize operations on affected ext4 filesystems
  • Maintain comprehensive backups before any filesystem resize operations

🔍 How to Verify

Check if Vulnerable:

Check whether the system uses an ext4 filesystem larger than 16 TiB with 4k blocks and resize_inode disabled, or compare the kernel version against the vulnerable range.
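
One way to automate the configuration half of this check, as an added example that is not part of the original advisory: the script reads the `Filesystem features`, `Block count` and `Block size` lines printed by `tune2fs -l` and classifies the filesystem against the conditions in the Notes above. The verdict words and the sample inputs are constructed for illustration; the result says nothing about whether the running kernel is patched.

```shell
#!/bin/sh
# Added example: classify an ext4 filesystem against the configuration note in
# this advisory, using the superblock summary printed by `tune2fs -l <device>`.

LIMIT_BYTES=17592186044416   # 16 TiB (2^44 bytes)

# Reads `tune2fs -l` text on stdin and prints one verdict word.
classify_ext4() {
    awk -F': *' -v limit="$LIMIT_BYTES" '
        /^Filesystem features:/ { features = " " $2 " " }
        /^Block count:/         { blocks = $2 + 0 }
        /^Block size:/          { bsize = $2 + 0 }
        END {
            if (features == "" || blocks == 0 || bsize == 0) {
                print "unknown"                      # required fields missing
            } else if (index(features, " resize_inode ")) {
                print "resize_inode-enabled"         # outside the described config
            } else if (blocks * bsize <= limit) {
                print "affected-resize_inode-off"    # small fs, feature disabled
            } else if (bsize == 4096) {
                print "affected-large"               # >16 TiB with 4k blocks
            } else {
                print "review"                       # case the advisory does not list
            }
        }'
}

# Constructed sample input (not taken from a real system).
sample_large() {
    printf '%s\n' \
        'Filesystem features:      has_journal extent 64bit flex_bg meta_bg' \
        'Block count:              4294967297' \
        'Block size:               4096'
}
sample_default() {
    printf '%s\n' \
        'Filesystem features:      has_journal resize_inode extent 64bit' \
        'Block count:              2621440' \
        'Block size:               4096'
}
sample_small_off() {
    printf '%s\n' \
        'Filesystem features:      has_journal extent 64bit flex_bg' \
        'Block count:              2621440' \
        'Block size:               4096'
}

# Real use: pass a block device as the first argument (needs root).
if [ -n "${1:-}" ]; then tune2fs -l "$1" | classify_ext4; fi
```

A filesystem reported as `affected-large` or `affected-resize_inode-off` matches the configuration described here; whether an online resize is safe then depends on the kernel carrying the fix commits.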

Check Version:

uname -r

Verify Fix Applied:

Run uname -r and confirm against your distribution's patch notes that the running kernel includes the fix commits.

📡 Detection & Monitoring

Log Indicators:

  • Filesystem corruption errors in kernel logs (dmesg)
  • ext4 filesystem errors during resize operations
  • Checksum mismatches after resize operations

SIEM Query:

source="kernel" AND ("ext4" AND ("corruption" OR "resize" OR "meta_bg"))
