CVE-2024-49903
📋 TL;DR
A race condition between the dbUnmount and jfs_ioc_trim operations in the Linux kernel's JFS filesystem can cause a use-after-free, potentially leading to kernel memory corruption. This affects Linux systems using the JFS filesystem. Attackers with local access could exploit this to cause denial of service or potentially escalate privileges.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential privilege escalation allowing full system compromise.
Likely Case
System instability, kernel crashes, or denial of service affecting JFS-mounted filesystems.
If Mitigated
Limited to local users with filesystem access; proper access controls reduce exposure.
🎯 Exploit Status
Requires local access and ability to trigger specific JFS operations. Race condition exploitation adds complexity.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel versions with fixes from the referenced commits
Vendor Advisory: https://git.kernel.org/stable/c/0c238da83f56bb895cab1e5851d034ac45b158d1
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing fixes.
2. Check distribution-specific security advisories.
3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable JFS filesystem
Prevent mounting of JFS filesystems to avoid exposure
modprobe -r jfs
echo 'blacklist jfs' >> /etc/modprobe.d/blacklist.conf
Restrict filesystem operations
Limit access to JFS mount operations
chmod 700 /sbin/mount.jfs
setfacl -m u:root:rwx /sbin/mount.jfs
🧯 If You Can't Patch
- Avoid using JFS filesystem on production systems
- Implement strict access controls to limit who can mount/unmount filesystems
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if JFS module is loaded: uname -r && lsmod | grep jfs
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated and check for JFS module: uname -r && modinfo jfs | grep version
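The checks above and the module workaround can be combined into one exposure check. This is an added example, not part of the original advisory: the function name `jfs_exposure` and its output strings are assumptions, and the `install jfs /bin/false` form it also looks for is a standard modprobe.d directive that this page's workaround does not use.

```shell
#!/bin/sh
# Added example. Usage: jfs_exposure [MODULES] [MOUNTS] [MODPROBE_DIR]
# Defaults read the live system; pass file paths to check saved copies.
jfs_exposure() {
    modules=${1:-/proc/modules}
    mounts=${2:-/proc/mounts}
    confdir=${3:-/etc/modprobe.d}
    status=0

    # /proc/modules: the first field of each line is the module name.
    if awk '$1 == "jfs" { found = 1 } END { exit !found }' "$modules"; then
        echo "module: jfs is loaded"
        status=1
    else
        echo "module: jfs is not loaded"
    fi

    # /proc/mounts: the third field is the filesystem type.
    mounted=$(awk '$3 == "jfs" { printf "%s ", $2 }' "$mounts")
    if [ -n "$mounted" ]; then
        echo "mounts: JFS mounted at: $mounted"
        status=1
    else
        echo "mounts: no JFS filesystems mounted"
    fi

    # "blacklist jfs" only makes modprobe ignore the module's aliases;
    # "install jfs /bin/false" also stops an explicit "modprobe jfs".
    blocked=0
    for directive in blacklist install; do
        if grep -Eqs "^[[:space:]]*${directive}[[:space:]]+jfs([[:space:]]|\$)" \
                "$confdir"/*.conf; then
            echo "modprobe: $directive entry for jfs present"
            blocked=1
        fi
    done
    if [ "$blocked" -eq 0 ]; then
        echo "modprobe: nothing prevents jfs from being loaded on demand"
        status=1
    fi
    return "$status"
}
```

The function returns 0 only when the module is not loaded, no JFS filesystem is mounted, and at least one modprobe.d entry blocks on-demand loading.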
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- KASAN reports of use-after-free
- JFS-related errors in dmesg
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("KASAN" OR "use-after-free" OR "jfs" OR "dbFreeBits")
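The query above matches any kernel line mentioning "jfs", which is noisy on hosts that use JFS normally. As an added example (not part of the original advisory), the filter below reports only KASAN use-after-free reports whose trace contains one of the JFS symbols named on this page; the function names, the 40-line window and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Usage: dmesg | jfs_uaf_reports [WINDOW]
# Exit status is 0 if at least one matching report was found, 1 otherwise.
jfs_uaf_reports() {
    awk -v window="${1:-40}" '
        # A KASAN report opens with "BUG: KASAN: <class> in <function>".
        /BUG: KASAN:/ { header = $0; left = window; hit = 0 }
        left > 0 {
            # Only use-after-free reports count, and only when one of the
            # symbols named on this page appears within the window.
            if (!hit && header ~ /use-after-free/ &&
                $0 ~ /dbFreeBits|dbUnmount|jfs_ioc_trim/) {
                hit = 1
                count++
                print "JFS-UAF: " header
            }
            left--
        }
        END { exit (count > 0 ? 0 : 1) }
    '
}

# Constructed sample log: one matching report, one unrelated KASAN
# report, and one ordinary JFS message that the broad query would match.
sample_kernel_log() {
    cat <<'EOF'
[  101.000001] BUG: KASAN: slab-use-after-free in dbFreeBits+0x10/0x20
[  101.000002] Read of size 4 at addr ffff888000000000 by task trim/1234
[  101.000003] Call Trace:
[  101.000004]  jfs_ioc_trim+0x10/0x20
[  200.000001] BUG: KASAN: slab-out-of-bounds in example_func+0x1/0x2
[  200.000002]  jfs_lookup+0x1/0x2
[  300.000001] jfs: constructed informational message
EOF
}
```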
🔗 References
- https://git.kernel.org/stable/c/0c238da83f56bb895cab1e5851d034ac45b158d1
- https://git.kernel.org/stable/c/3126ccde51f51b0648c8cdccaf916e8bd062e972
- https://git.kernel.org/stable/c/4218b31ecc7af7e191768d32e32ed4386d8f9b76
- https://git.kernel.org/stable/c/4ac58f7734937f3249da734ede946dfb3b1af5e4
- https://git.kernel.org/stable/c/95accb7183badca387f7a8d19a2475cf3089f148
- https://git.kernel.org/stable/c/a9603a6f75df2fd8125cd208c98cfaa0fe3f7505
- https://git.kernel.org/stable/c/d6c1b3599b2feb5c7291f5ac3a36e5fa7cedb234
- https://git.kernel.org/stable/c/e7ae14f7ee76c6ef5a48aebab1a278ad78f42619
- https://git.kernel.org/stable/c/fd026b6b6758d5569705c02540b40f3bbf822b9a
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html