CVE-2024-40935
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's cachefiles subsystem can cause a kernel hang (hung_task) when the cache is marked as dead in ondemand mode. This affects Linux systems using cachefiles with ondemand mode enabled, potentially leading to denial of service. Attackers with local access could trigger this to disrupt system operations.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local attacker triggers kernel hang causing complete system unresponsiveness requiring hard reboot, leading to extended downtime and potential data loss.
Likely Case
Local user or misconfigured service triggers denial of service on affected system, causing temporary unavailability of services.
If Mitigated
Minimal impact with proper access controls limiting local user privileges and monitoring for hung tasks.
🎯 Exploit Status
Requires local access and knowledge of cachefiles subsystem. Triggering requires specific conditions in ondemand mode.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 320ba9cbca78be79c912143bbba1d1b35ca55cf0, 3bf0b8030296e9ee60d3d4c15849ad9ac0b47081, 85e833cd7243bda7285492b0653c3abb1e2e757b, e73fac95084839c5178d97e81c6a2051251bdc00
Vendor Advisory: https://git.kernel.org/stable/c/320ba9cbca78be79c912143bbba1d1b35ca55cf0
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor.
2. Reboot system to load new kernel.
3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable cachefiles ondemand mode
Disable the cachefiles daemon or configure it to not use ondemand mode
systemctl stop cachefilesd
systemctl disable cachefilesd
Restrict local user access
Implement strict access controls to limit who can interact with the cachefiles subsystem
🧯 If You Can't Patch
- Disable cachefiles subsystem entirely if not required for system functionality
- Implement monitoring for hung_task events and have incident response procedures ready
🔍 How to Verify
Check if Vulnerable:
Check if cachefilesd is running and ondemand mode is enabled: systemctl status cachefilesd; check /etc/cachefilesd.conf for 'mode ondemand'
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes the fix commits: uname -r; check kernel changelog for commit hashes
📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing hung_task warnings
- cachefilesd daemon errors or crashes
- System becoming unresponsive with high D state processes
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("hung_task" OR ("cachefiles" AND "dead"))
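The hung_task log indicator above can be narrowed to this issue by checking whether the blocked task's call trace passes through cachefiles code. The following is an added example, not part of the original advisory: the sample log is constructed, and matching on a `cachefiles_` frame-name prefix is an assumption about how the stall appears in traces.

```python
import re

# Constructed dmesg-style sample; not output from an affected system.
SAMPLE_KLOG = """\
[ 1200.101] INFO: task kworker/u8:2:311 blocked for more than 120 seconds.
[ 1200.102]       Not tainted 0.0.0-sample #1
[ 1200.103] Call Trace:
[ 1200.104]  __schedule+0x2f0/0x8a0
[ 1200.105]  io_schedule+0x42/0x70
[ 1200.106]  blk_mq_get_tag+0x11a/0x2a0
[ 1300.201] usb 1-1: new high-speed USB device number 4 using xhci_hcd
[ 1443.301] INFO: task cat:742 blocked for more than 120 seconds.
[ 1443.302]       Not tainted 0.0.0-sample #1
[ 1443.303] Call Trace:
[ 1443.304]  __schedule+0x2f0/0x8a0
[ 1443.305]  wait_for_completion+0x88/0x100
[ 1443.306]  cachefiles_ondemand_send_req+0x1c4/0x3a0
"""

# Header printed by the kernel's hung task detector; comm may itself contain ':'.
HEADER = re.compile(r"INFO: task (?P<comm>.+):(?P<pid>\d+) blocked for more than (?P<secs>\d+) seconds")
# A stack frame such as " ? func+0x12/0x34".
FRAME = re.compile(r"\s\??\s*(?P<fn>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_hung_tasks(klog):
    """Group each hung-task header with the stack frames that follow it."""
    reports, cur = [], None
    for line in klog.splitlines():
        m = HEADER.search(line)
        if m:
            cur = {"comm": m["comm"], "pid": int(m["pid"]),
                   "secs": int(m["secs"]), "frames": []}
            reports.append(cur)
        elif cur is not None:
            f = FRAME.search(line)
            if f:
                cur["frames"].append(f["fn"])
            elif cur["frames"]:
                cur = None  # first non-frame line after the trace ends the report
    return reports

def cachefiles_hangs(klog):
    """Return only the hung tasks whose trace contains a cachefiles_* frame."""
    return [r for r in parse_hung_tasks(klog)
            if any(fn.startswith("cachefiles_") for fn in r["frames"])]

if __name__ == "__main__":
    for r in cachefiles_hangs(SAMPLE_KLOG):
        print(f"{r['comm']} (pid {r['pid']}) blocked >{r['secs']}s in cachefiles")
```

Feed it the text of `dmesg` or `journalctl -k` to separate cachefiles-related stalls from unrelated I/O hangs before alerting.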
🔗 References
- https://git.kernel.org/stable/c/320ba9cbca78be79c912143bbba1d1b35ca55cf0
- https://git.kernel.org/stable/c/3bf0b8030296e9ee60d3d4c15849ad9ac0b47081
- https://git.kernel.org/stable/c/85e833cd7243bda7285492b0653c3abb1e2e757b
- https://git.kernel.org/stable/c/e73fac95084839c5178d97e81c6a2051251bdc00
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html