CVE-2024-47699
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's nilfs2 filesystem driver allows local attackers to crash the system (kernel panic) by accessing specially crafted corrupted filesystem images. This affects systems using the nilfs2 filesystem with vulnerable kernel versions. The vulnerability requires local access to mount or access corrupted filesystem images.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or corruption if the crash occurs during critical operations.
Likely Case
Local denial of service through kernel panic when accessing corrupted nilfs2 filesystem images.
If Mitigated
Minimal impact if systems don't use nilfs2 filesystem or have proper access controls preventing local users from mounting arbitrary filesystem images.
🎯 Exploit Status
Exploitation requires local access and ability to mount corrupted nilfs2 filesystem images. Discovered through syzbot fuzzing, not known to be actively exploited.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commit hashes provided in references
Vendor Advisory: https://git.kernel.org/stable/c/1d94dbdfbb64cc48d10dec65cc3c4fbf2497b343
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable nilfs2 module
linuxPrevent loading of nilfs2 kernel module to eliminate attack surface
echo 'install nilfs2 /bin/false' >> /etc/modprobe.d/disable-nilfs2.conf
rmmod nilfs2 2>/dev/null || true
Restrict filesystem mounting
linuxLimit which users can mount filesystems using sudoers or other access controls
🧯 If You Can't Patch
- Disable nilfs2 kernel module loading via modprobe blacklist
- Implement strict access controls to prevent unauthorized users from mounting filesystems
🔍 How to Verify
Check if Vulnerable:
Check if nilfs2 module is loaded: lsmod | grep nilfs2. Check kernel version against patched releases from your distribution.Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated to patched version and nilfs2 module is either not loaded or from patched kernel.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- NULL pointer dereference errors mentioning nilfs2 or nilfs_btree_insert
SIEM Query:
source="kernel" AND ("nilfs2" OR "nilfs_btree_insert" OR "NULL pointer dereference")🔗 References
- https://git.kernel.org/stable/c/1d94dbdfbb64cc48d10dec65cc3c4fbf2497b343
- https://git.kernel.org/stable/c/21839b6fbc3c41b3e374ecbdb0cabbbb2c53cf34
- https://git.kernel.org/stable/c/24bf40740a3da6b4056721da34997ae6938f3da1
- https://git.kernel.org/stable/c/2b78e9df10fb7f4e9d3d7a18417dd72fbbc1dfd0
- https://git.kernel.org/stable/c/3644554d308ddf2669e459a1551a7edf60b2d62b
- https://git.kernel.org/stable/c/73d23ecf234b7a6d47fb883f2dabe10e3230b31d
- https://git.kernel.org/stable/c/9403001ad65ae4f4c5de368bdda3a0636b51d51a
- https://git.kernel.org/stable/c/db73500d3f0e558eb642aae1d4782e7726b4a03f
- https://git.kernel.org/stable/c/f68523e0f26faade18833fbef577a4295d8e2c94
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
