CVE-2024-49960
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's ext4 filesystem driver occurs when mounting fails, allowing a timer to remain active after memory is freed. This can lead to kernel crashes or potential privilege escalation. Systems running vulnerable Linux kernel versions with ext4 filesystem support are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential privilege escalation to kernel-level execution if combined with other vulnerabilities.
Likely Case
System instability or kernel crash when mounting ext4 filesystems fails under specific error conditions.
If Mitigated
No impact if patched or if ext4 filesystem mounting doesn't encounter the specific error condition.
🎯 Exploit Status
Requires specific error conditions during ext4 mount failure. Discovered by Syzbot fuzzing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 0ce160c5bdb67081a62293028dc85758a8efb22a or later
Vendor Advisory: https://git.kernel.org/stable/c/0ce160c5bdb67081a62293028dc85758a8efb22a
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel.
🔧 Temporary Workarounds
Avoid ext4 mount failures
linuxEnsure ext4 filesystems are healthy and mount operations don't fail
# Use fsck to check filesystem health before mounting
fsck.ext4 -p /dev/sdX
🧯 If You Can't Patch
- Monitor for ext4 mount failures in system logs
- Restrict filesystem mount operations to trusted users only
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if it contains the vulnerable ext4 code. Use: uname -r and compare with distribution's vulnerability database.Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated to one containing the fix commits. Check /proc/version or uname -r.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- ext4 mount failure errors
- ODEBUG bug reports in kernel logs
Network Indicators:
- None - local vulnerability
SIEM Query:
source="kernel" AND ("panic" OR "ext4" OR "use-after-free" OR "timer")🔗 References
- https://git.kernel.org/stable/c/0ce160c5bdb67081a62293028dc85758a8efb22a
- https://git.kernel.org/stable/c/22e9b83f0f33bc5a7a3181769d1dccbf021f5b04
- https://git.kernel.org/stable/c/7aac0c17a8cdf4a3236991c1e60435c6a984076c
- https://git.kernel.org/stable/c/9203817ba46ebba7c865c8de2aba399537b6e891
- https://git.kernel.org/stable/c/b85569585d0154d4db1e4f9e3e6a4731d407feb0
- https://git.kernel.org/stable/c/cf3196e5e2f36cd80dab91ffae402e13935724bc
- https://git.kernel.org/stable/c/fa78fb51d396f4f2f80f8e96a3b1516f394258be
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
