CVE-2024-47723
📋 TL;DR
This vulnerability in the Linux kernel's JFS filesystem allows out-of-bounds memory access when processing corrupted disk images. Attackers could potentially crash the system or execute arbitrary code by mounting a maliciously crafted JFS filesystem. All Linux systems using JFS filesystems are affected.
💻 Affected Systems
- Linux kernel with JFS filesystem support
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to denial of service, or potential privilege escalation to kernel-level code execution.
Likely Case
System crash or kernel panic when mounting corrupted JFS filesystems, causing denial of service.
If Mitigated
Limited to denial of service if kernel hardening features like KASLR and SMAP/SMEP are enabled.
🎯 Exploit Status
Requires ability to mount a malicious JFS filesystem, typically needing local access or ability to supply filesystem images to mount operations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 0338e66cba27, 128d5cfdcf84, 5ad6284c8d43, 6ce8b6ab44a8, or 96855f40e152
Vendor Advisory: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel. 3. Verify JFS module is updated if using module.
🔧 Temporary Workarounds
Disable JFS filesystem support
linuxPrevent loading of JFS kernel module to eliminate attack surface
echo 'install jfs /bin/false' >> /etc/modprobe.d/disable-jfs.conf
rmmod jfs 2>/dev/null || true
Restrict filesystem mounting
linuxLimit who can mount filesystems using mount permissions and namespaces
chmod 700 /bin/mount
chmod 700 /sbin/mount.jfs
🧯 If You Can't Patch
- Avoid using JFS filesystems; migrate to alternative filesystems like ext4 or XFS.
- Implement strict access controls on mount operations and limit users who can mount filesystems.
🔍 How to Verify
Check if Vulnerable:
Check if JFS module is loaded: lsmod | grep jfs. Check kernel version against distribution security advisories.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits: grep -E '0338e66cba27|128d5cfdcf84|5ad6284c8d43|6ce8b6ab44a8|96855f40e152' /proc/version_signature📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages mentioning dbNextAG, diAlloc, or JFS
- System crashes when mounting filesystems
- Unexpected kernel panics
Network Indicators:
- N/A - local exploitation only
SIEM Query:
source="kernel" AND ("JFS" OR "dbNextAG" OR "diAlloc" OR "out-of-bounds")🔗 References
- https://git.kernel.org/stable/c/0338e66cba272351ca9d7d03f3628e390e70963b
- https://git.kernel.org/stable/c/128d5cfdcf844cb690c9295a3a1c1114c21fc15a
- https://git.kernel.org/stable/c/5ad6284c8d433f8a213111c5c44ead4d9705b622
- https://git.kernel.org/stable/c/6ce8b6ab44a8b5918c0ee373d4ad19d19017931b
- https://git.kernel.org/stable/c/96855f40e152989c9e7c20c4691ace5581098acc
- https://git.kernel.org/stable/c/c1ba4b8ca799ff1d99d01f37d7ccb7d5ba5533d2
- https://git.kernel.org/stable/c/d1017d2a0f3f16dc1db5120e7ddbe7c6680425b0
- https://git.kernel.org/stable/c/e63866a475562810500ea7f784099bfe341e761a
- https://git.kernel.org/stable/c/ead82533278502428883085a787d5a00f15e5eb9
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
