CVE-2024-42079
📋 TL;DR
This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's GFS2 filesystem. When unmounting a GFS2 filesystem while glock work is still processing, a race condition can cause the kernel to crash. This affects systems using the GFS2 clustered filesystem.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data corruption or loss in clustered environments.
Likely Case
System crash or kernel panic requiring reboot, causing temporary denial of service.
If Mitigated
No impact if no GFS2 filesystem is mounted or if a patched kernel is used.
🎯 Exploit Status
Requires local access and the ability to mount/unmount GFS2 filesystems. Because the bug is a race condition, triggering it is timing-dependent.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel commits: 3429ef5f50909cee9e498c50f0c499b9397116ce, 35264909e9d1973ab9aaa2a1b07cda70f12bb828, 5f6a84cfb33b34610623857bd93919dcb661e29b, f54f9d5368a4e92ede7dd078a62788dae3a7c6ef
Vendor Advisory: https://git.kernel.org/stable/c/3429ef5f50909cee9e498c50f0c499b9397116ce
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. Check distribution-specific security advisories.
3. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Avoid GFS2 usage
Do not mount or use GFS2 filesystems on vulnerable systems.
umount /path/to/gfs2/mount
modprobe -r gfs2
🧯 If You Can't Patch
- Avoid unmounting GFS2 filesystems while active I/O is occurring
- Implement strict access controls to prevent unauthorized users from mounting/unmounting filesystems
🔍 How to Verify
Check if Vulnerable:
Check if GFS2 is in use: 'mount | grep gfs2' and 'lsmod | grep gfs2'. Check kernel version against patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes the fix commits. Check with 'uname -r' and compare against distribution security advisories.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/messages or dmesg
- NULL pointer dereference errors mentioning gfs2_log_flush
Network Indicators:
- None - local filesystem vulnerability
SIEM Query:
Search for: ('kernel panic' OR 'NULL pointer dereference') AND ('gfs2' OR 'gfs2_log_flush')
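A kernel oops is logged over several lines, so the NULL pointer dereference header and the gfs2_log_flush frame from the Log Indicators above usually sit on different lines. The script below is an added example, not part of the advisory or the kernel project: it correlates the two within a window of lines and ignores the "Modules linked in" line, which lists gfs2 on any host with the module loaded. The function names, the WINDOW value and the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): find kernel oopses whose stack
# frames are in GFS2, reading kernel log text on stdin.
# WINDOW (lines after the oops header to inspect) is an assumed tuning value.
WINDOW=${WINDOW:-40}

gfs2_oops_scan() {
    awk -v win="$WINDOW" '
        # An oops header opens a new event.
        /BUG: kernel NULL pointer dereference/ { start = NR; hit = 0; next }
        # A panic line opens one only if no oops window is still open,
        # so the panic that follows an oops is not counted twice.
        /Kernel panic/ && !(start && NR - start <= win) { start = NR; hit = 0; next }
        # Report the first gfs2_<symbol>+0x... frame inside the window.
        # "Modules linked in: gfs2" has no symbol+offset and is ignored.
        start && !hit && NR - start <= win && /gfs2_[a-z0-9_]+[+]0x/ {
            hit = 1
            printf "oops at line %d: %s\n", start, $0
        }
    '
}

# Constructed sample log (not captured from a real system): one oops in an
# unrelated, hypothetical driver, then one in gfs2_log_flush followed by a panic.
sample_log() {
    cat <<'EOF'
kernel: BUG: kernel NULL pointer dereference, address: 0000000000000010
kernel: Modules linked in: gfs2 dlm example_driver
kernel: RIP: 0010:example_driver_poll+0x10/0x40 [example_driver]
kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
kernel: #PF: supervisor read access in kernel mode
kernel: Modules linked in: gfs2 dlm example_driver
kernel: RIP: 0010:gfs2_log_flush+0x2e/0x5c0 [gfs2]
kernel: Kernel panic - not syncing: Fatal exception
EOF
}

# Demonstration on the constructed sample; only the second oops is reported.
sample_log | gfs2_oops_scan
```

On a live host the same function can read `dmesg` or `journalctl -k` output from a pipe in place of the sample.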
🔗 References
- https://git.kernel.org/stable/c/3429ef5f50909cee9e498c50f0c499b9397116ce
- https://git.kernel.org/stable/c/35264909e9d1973ab9aaa2a1b07cda70f12bb828
- https://git.kernel.org/stable/c/5f6a84cfb33b34610623857bd93919dcb661e29b
- https://git.kernel.org/stable/c/c3c5cfa3170c0940bc66a142859caac07d19b9d6
- https://git.kernel.org/stable/c/f54f9d5368a4e92ede7dd078a62788dae3a7c6ef