CVE-2024-36966

5.5 MEDIUM

📋 TL;DR

A race condition vulnerability in the Linux kernel's EROFS filesystem implementation can cause a kernel warning when mounting fails. This occurs when the system incorrectly identifies the filesystem mode during cleanup, potentially leading to system instability. Systems running a Linux kernel with EROFS support and CONFIG_EROFS_FS_ONDEMAND enabled are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Requires CONFIG_EROFS_FS=y and CONFIG_EROFS_FS_ONDEMAND=y kernel configuration options enabled. Not all distributions enable these by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic or system crash due to improper memory handling during filesystem cleanup, causing denial of service.

🟠

Likely Case

Kernel warning messages in system logs and potential mount failures for EROFS filesystems, but no privilege escalation or data corruption.

🟢

If Mitigated

Minor system log noise with no operational impact when proper kernel patches are applied.

🌐 Internet-Facing: LOW - This is a local filesystem issue requiring local access or specific mount operations.
🏢 Internal Only: MEDIUM - Internal systems mounting EROFS filesystems could experience mount failures or system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires triggering specific race conditions during EROFS mount operations. This appears to be an unintentional bug rather than a security vulnerability designed for exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 7af2ae1b1531feab5d38ec9c8f472dc6cceb4606 or later

Vendor Advisory: https://git.kernel.org/stable/c/7af2ae1b1531feab5d38ec9c8f472dc6cceb4606

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable EROFS ondemand support

linux

Disable CONFIG_EROFS_FS_ONDEMAND kernel configuration to prevent the vulnerable code path

echo "options erofs nodemand" > /etc/modprobe.d/erofs.conf
update-initramfs -u
reboot

Avoid EROFS mounts

linux

Prevent mounting of EROFS filesystems until patched

chmod 000 /sbin/mount.erofs
echo "blacklist erofs" >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Monitor system logs for 'ida_free called for id=0' warnings and investigate any EROFS mount failures
  • Implement strict access controls to prevent unauthorized users from mounting filesystems

🔍 How to Verify

Check if Vulnerable:

Check kernel version and configuration: uname -r && grep -i erofs /boot/config-$(uname -r)

Check Version:

uname -r

Verify Fix Applied:

Verify the kernel source history contains the fix commit (run inside the kernel git tree): git log --format=%H | grep -i "7af2ae1b1531feab5d38ec9c8f472dc6cceb4606"

📡 Detection & Monitoring

Log Indicators:

  • Kernel log messages containing 'ida_free called for id=0 which is not allocated'
  • EROFS mount failures in system logs

Network Indicators:

  • None - this is a local filesystem issue

SIEM Query:

source="kernel" AND ("ida_free called for id=0" OR ("EROFS" AND "mount" AND "fail"))
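
An added example (not part of the original advisory or any vendor tooling) that scripts the configuration check from "How to Verify" and the log indicator listed above: it classifies a kernel config file by the two options the advisory names and counts the ida_free warning in log text. The function names, result labels and sample inputs are constructed for illustration, and treating CONFIG_EROFS_FS=m the same as =y is an assumption.

```bash
#!/usr/bin/env bash
# Added example: triage helper for CVE-2024-36966 (illustrative, not vendor code).

# Print the value of a kernel config symbol: "y", "m", or "n"
# ("n" covers both a missing line and "# CONFIG_X is not set").
kconfig_value() {  # $1 = symbol, $2 = config file
    local v
    v=$(sed -n "s/^$1=\([ym]\)\$/\1/p" "$2" | head -n 1)
    printf '%s\n' "${v:-n}"
}

# Classify exposure from the two options the advisory names.
# Assumption: a modular build (CONFIG_EROFS_FS=m) counts like =y.
erofs_exposure() {  # $1 = config file
    local fs ondemand
    fs=$(kconfig_value CONFIG_EROFS_FS "$1")
    ondemand=$(kconfig_value CONFIG_EROFS_FS_ONDEMAND "$1")
    if [ "$fs" = n ]; then
        echo "not-built"          # EROFS absent: code path not present
    elif [ "$ondemand" = y ]; then
        echo "affected-config"    # still confirm whether the fix is applied
    else
        echo "ondemand-off"       # EROFS built without on-demand mode
    fi
}

# Count log lines carrying the warning string from "Log Indicators".
count_ida_free_warnings() {  # reads log text on stdin
    grep -c 'ida_free called for id=0 which is not allocated' || true
}

# Demo on constructed inputs (not taken from a real host).
demo() {
    local cfg
    cfg=$(mktemp)
    printf '%s\n' 'CONFIG_EROFS_FS=m' 'CONFIG_EROFS_FS_XATTR=y' \
        'CONFIG_EROFS_FS_ONDEMAND=y' > "$cfg"
    echo "config verdict: $(erofs_exposure "$cfg")"
    printf '%s\n' \
        '[   12.345678] EXT4-fs (sda1): mounted filesystem' \
        '[   12.345702] ida_free called for id=0 which is not allocated.' \
        | count_ida_free_warnings
    rm -f "$cfg"
}
demo
```

On a live host, pass /boot/config-$(uname -r) to erofs_exposure and pipe the kernel log (for example from dmesg) into count_ida_free_warnings.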
