CVE-2024-49880
📋 TL;DR
This CVE describes an off-by-one buffer overflow vulnerability in the Linux kernel's ext4 filesystem resize functionality. The flaw in alloc_flex_gd() allows attackers to trigger a kernel panic (denial of service) when manipulating filesystem sizes. Systems using ext4 filesystems with specific resize operations are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data corruption or loss during filesystem operations.
Likely Case
System crash when performing filesystem resize operations, requiring reboot and potentially interrupting services.
If Mitigated
No impact if resize operations are not performed or if proper access controls prevent unauthorized users from executing resize operations.
🎯 Exploit Status
Exploitation requires local access and ability to execute privileged filesystem resize operations. The vulnerability is triggered through specific resize2fs commands.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 0d80d2b8bf613398baf7185009e35f9d0459ecb0, 6121258c2b33ceac3d21f6a221452692c465df88, or acb559d6826116cc113598640d105094620c2526 applied
Vendor Advisory: https://git.kernel.org/stable/c/0d80d2b8bf613398baf7185009e35f9d0459ecb0
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check distribution-specific security advisories. 3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Restrict filesystem resize operations
linuxLimit access to resize2fs and filesystem resize capabilities to prevent triggering the vulnerability
chmod 750 /sbin/resize2fs
setcap -r /sbin/resize2fs
Avoid ext4 resize operations
linuxTemporarily avoid resizing ext4 filesystems until patched
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized users from performing filesystem resize operations
- Monitor for resize2fs execution and filesystem resize attempts in system logs
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if ext4 resize operations cause kernel panic with specific resize parameters as described in CVECheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commits or test resize operations that previously triggered the issue📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages related to ext4_resize_fs
- System crashes during filesystem resize operations
- resize2fs command failures with kernel BUG messages
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND "EXT4-fs" AND "resizing" AND ("BUG" OR "panic")