CVE-2024-40962
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's BTRFS filesystem for zoned storage devices can cause kernel panics and system crashes when performing NOCOW (No Copy-On-Write) writes on conventional zones. This affects systems using BTRFS with zoned storage emulation or actual zoned devices. The vulnerability is triggered during specific write operations when checksum lists are improperly handled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, potential data corruption or loss, and denial of service.
Likely Case
System crash or kernel panic during specific BTRFS write operations on zoned storage configurations.
If Mitigated
No impact if patched or if BTRFS zoned mode is not used.
🎯 Exploit Status
Requires local access and ability to perform specific BTRFS write operations on zoned storage. Triggered during normal filesystem operations rather than malicious exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 082b3d4e788953a3ff42ecdb70c4210149076285, 25cfe59f4470a051d1b80f51fa0ca3a5048e4a19, or cebae292e0c32a228e8f2219c270a7237be24a6a
Vendor Advisory: https://git.kernel.org/stable/c/082b3d4e788953a3ff42ecdb70c4210149076285
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix.
2. Check with your distribution for specific kernel package updates.
3. Reboot the system after the kernel update.
🔧 Temporary Workarounds
Disable BTRFS zoned mode
Avoid using BTRFS with zoned storage if not required
# Mount BTRFS without zoned support if possible
# Consider using different filesystem for zoned storage
Avoid NOCOW writes on zoned BTRFS
Configure applications to avoid NOCOW writes on zoned BTRFS volumes
# chattr +C disables COW, so new files in the directory are written NOCOW
# Do not apply it on zoned BTRFS volumes:
# chattr +C /path/to/directory
🧯 If You Can't Patch
- Avoid using BTRFS with zoned storage emulation or actual zoned devices
- Monitor systems for kernel panic logs related to btrfs_zone_finish_endio
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether BTRFS is used in zoned mode. Run: uname -r, then check whether any BTRFS zoned volumes are mounted.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits or is newer than affected versions. Check dmesg for absence of btrfs_zone_finish_endio errors
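One way to run the "zoned volumes mounted" check, as an added example that is not from the original advisory or the kernel project: it reads sysfs to list mounted BTRFS filesystems that have the zoned feature enabled. It assumes the usual layout /sys/fs/btrfs/<fsid>/features/zoned and /sys/fs/btrfs/<fsid>/devices/; the function name is hypothetical.

```python
import os


def zoned_btrfs_filesystems(sysfs_root="/sys/fs/btrfs"):
    """Return {fsid: [device names]} for mounted BTRFS filesystems in zoned mode.

    Assumed layout: one directory per mounted filesystem, named by fsid, with
    a "features" subdirectory holding one entry per enabled feature.
    """
    found = {}
    if not os.path.isdir(sysfs_root):
        return found  # btrfs not loaded, so no BTRFS filesystem is mounted
    for fsid in sorted(os.listdir(sysfs_root)):
        fs_dir = os.path.join(sysfs_root, fsid)
        # The top-level "features" directory describes what the kernel
        # supports, not what is mounted; it has no nested features/zoned
        # entry and is skipped by this test.
        if not os.path.exists(os.path.join(fs_dir, "features", "zoned")):
            continue
        dev_dir = os.path.join(fs_dir, "devices")
        found[fsid] = sorted(os.listdir(dev_dir)) if os.path.isdir(dev_dir) else []
    return found


if __name__ == "__main__":
    print("kernel release:", os.uname().release)
    zoned = zoned_btrfs_filesystems()
    if not zoned:
        print("no zoned BTRFS filesystem is mounted")
    for fsid, devices in zoned.items():
        print("zoned BTRFS filesystem", fsid, "on", ", ".join(devices) or "?")
```

Reading the filesystem's own feature flag, rather than the block device's zoned attribute, also covers the zoned emulation case the advisory mentions.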
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages containing 'btrfs_zone_finish_endio'
- NULL pointer dereference errors in kernel logs
- BTRFS assertion failures in system logs
Network Indicators:
- None - local filesystem vulnerability
SIEM Query:
source="kernel" AND ("btrfs_zone_finish_endio" OR "NULL pointer dereference" OR "general protection fault")
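One way to narrow the query above, as an added example that is not part of the original advisory: it groups kernel log lines into individual oops reports and flags only those whose trace names btrfs_zone_finish_endio, so unrelated NULL pointer dereferences do not alert. The log lines are constructed sample data and the function name is hypothetical.

```python
import re

# Constructed sample kernel log (not captured from a real system): one oops
# that names btrfs_zone_finish_endio and one unrelated NULL dereference.
SAMPLE_LOG = """\
[  101.100000] BTRFS info (device sdb): zoned mode enabled with zone size 268435456
[  245.300000] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  245.300010] #PF: supervisor read access in kernel mode
[  245.300020] RIP: 0010:btrfs_zone_finish_endio+0x0/0x0 [btrfs]
[  245.300030] Call Trace:
[  245.300040] ---[ end trace 0000000000000000 ]---
[  900.000000] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  900.000010] RIP: 0010:example_driver_irq+0x0/0x0 [example_driver]
[  900.000020] ---[ end trace 0000000000000000 ]---
"""

OOPS_START = re.compile(r"BUG: kernel NULL pointer dereference|general protection fault")
OOPS_END = re.compile(r"---\[ end trace")
SYMBOL = "btrfs_zone_finish_endio"
MAX_OOPS_LINES = 100  # stop collecting if the end marker never shows up


def find_oopses(log_text, symbol=SYMBOL):
    """Return each oops (as a list of lines) that mentions `symbol`."""
    hits, block = [], None

    def flush():
        if block and any(symbol in line for line in block):
            hits.append(block)

    for line in log_text.splitlines():
        if OOPS_START.search(line):
            flush()  # the previous oops was cut short, e.g. by a panic
            block = [line]
        elif block is not None:
            block.append(line)
            if OOPS_END.search(line) or len(block) >= MAX_OOPS_LINES:
                flush()
                block = None
    flush()  # the log ended in the middle of an oops
    return hits


if __name__ == "__main__":
    for oops in find_oopses(SAMPLE_LOG):
        print("possible CVE-2024-40962 crash:", oops[0].strip())
```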
🔗 References
- https://git.kernel.org/stable/c/082b3d4e788953a3ff42ecdb70c4210149076285
- https://git.kernel.org/stable/c/25cfe59f4470a051d1b80f51fa0ca3a5048e4a19
- https://git.kernel.org/stable/c/cebae292e0c32a228e8f2219c270a7237be24a6a