CVE-2024-42104
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's nilfs2 filesystem allows attackers with local access to trigger kernel crashes or potentially execute arbitrary code by mounting specially crafted corrupted filesystem images. This affects systems using the nilfs2 filesystem, primarily Linux servers and workstations.
💻 Affected Systems
- Linux kernel with nilfs2 filesystem support
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential privilege escalation to kernel-level code execution
Likely Case
System crash or denial of service through kernel panic when mounting malicious nilfs2 filesystems
If Mitigated
No impact if nilfs2 filesystem is not used or if systems are properly patched
🎯 Exploit Status
Exploitation requires ability to mount malicious nilfs2 filesystem images, typically requiring local access or ability to upload files
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 07c176e7acc5, 1b7d549ed2c1, 265fff1a01cd, 2f2fa9cf7c35, or 3ab40870edb8
Vendor Advisory: https://git.kernel.org/stable/c/07c176e7acc5579c133bb923ab21316d192d0a95
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check distribution-specific security advisories. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable nilfs2 module
linuxPrevent loading of nilfs2 kernel module to eliminate attack surface
echo 'install nilfs2 /bin/false' >> /etc/modprobe.d/disable-nilfs2.conf
rmmod nilfs2 2>/dev/null || true
Mount restrictions
linuxRestrict who can mount filesystems using mount permissions
chmod 700 /bin/mount
setfacl -m u:root:rwx /bin/mount
🧯 If You Can't Patch
- Disable nilfs2 filesystem support in kernel configuration
- Implement strict access controls to prevent unauthorized users from mounting filesystems
🔍 How to Verify
Check if Vulnerable:
Check if nilfs2 module is loaded: lsmod | grep nilfs2. If loaded and kernel version is unpatched, system is vulnerable.Check Version:
uname -rVerify Fix Applied:
Check kernel version includes fix commits: uname -r and verify with distribution security advisory. Ensure nilfs2 module loads without issues.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- nilfs2 mount failures or corruption warnings
- Use-after-free or lru_add_fn error messages
Network Indicators:
- None - local filesystem attack
SIEM Query:
source="kernel" AND ("nilfs2" OR "use-after-free" OR "lru_add_fn")🔗 References
- https://git.kernel.org/stable/c/07c176e7acc5579c133bb923ab21316d192d0a95
- https://git.kernel.org/stable/c/1b7d549ed2c1fa202c751b69423a0d3a6bd5a180
- https://git.kernel.org/stable/c/265fff1a01cdc083aeaf0d934c929db5cc64aebf
- https://git.kernel.org/stable/c/2f2fa9cf7c3537958a82fbe8c8595a5eb0861ad7
- https://git.kernel.org/stable/c/3ab40870edb883b9633dc5cd55f5a2a11afa618d
- https://git.kernel.org/stable/c/b11e8fb93ea5eefb2e4e719497ea177a58ff6131
- https://git.kernel.org/stable/c/bb76c6c274683c8570ad788f79d4b875bde0e458
- https://git.kernel.org/stable/c/c33c2b0d92aa1c2262d999b2598ad6fbd53bd479
- https://git.kernel.org/stable/c/07c176e7acc5579c133bb923ab21316d192d0a95
- https://git.kernel.org/stable/c/1b7d549ed2c1fa202c751b69423a0d3a6bd5a180
- https://git.kernel.org/stable/c/265fff1a01cdc083aeaf0d934c929db5cc64aebf
- https://git.kernel.org/stable/c/2f2fa9cf7c3537958a82fbe8c8595a5eb0861ad7
- https://git.kernel.org/stable/c/3ab40870edb883b9633dc5cd55f5a2a11afa618d
- https://git.kernel.org/stable/c/b11e8fb93ea5eefb2e4e719497ea177a58ff6131
- https://git.kernel.org/stable/c/bb76c6c274683c8570ad788f79d4b875bde0e458
- https://git.kernel.org/stable/c/c33c2b0d92aa1c2262d999b2598ad6fbd53bd479
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
