CVE-2024-57929
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's device-mapper array cursor implementation allows double-freeing of memory blocks when reading corrupted array blocks. This affects Linux systems using device-mapper cache targets. The vulnerability can cause kernel panics and system crashes.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data corruption in active storage operations.
Likely Case
System crash when accessing corrupted device-mapper cache metadata, resulting in temporary denial of service until system reboot.
If Mitigated
No impact if device-mapper cache is not used or if array blocks are not corrupted.
🎯 Exploit Status
Exploitation requires ability to corrupt device-mapper array blocks and trigger cache operations. Requires local access or ability to manipulate storage devices.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 017c4470bff53585370028fec9341247bad358ff or later
Vendor Advisory: https://git.kernel.org/stable/c/017c4470bff53585370028fec9341247bad358ff
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable device-mapper cache
allAvoid using device-mapper cache targets which trigger the vulnerable code path
dmsetup remove cache
dmsetup remove cmeta
dmsetup remove cdata
dmsetup remove corig
🧯 If You Can't Patch
- Avoid using device-mapper cache functionality
- Implement strict access controls to prevent unauthorized storage device manipulation
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if device-mapper cache is in use: 'uname -r' and 'dmsetup status | grep cache'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is patched and test with dm-unit array_cursor/damaged test if available📡 Detection & Monitoring
Log Indicators:
- Kernel BUG at drivers/md/dm-bufio.c
- device-mapper: array: array_block_check failed
- device-mapper: block manager: array validator check failed
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("dm-bufio.c" OR "array_block_check failed" OR "array validator check failed")🔗 References
- https://git.kernel.org/stable/c/017c4470bff53585370028fec9341247bad358ff
- https://git.kernel.org/stable/c/6002bec5354f86d1a2df21468f68e3ec03ede9da
- https://git.kernel.org/stable/c/738994872d77e189b2d13c501a1d145e95d98f46
- https://git.kernel.org/stable/c/9c7c03d0e926762adf3a3a0ba86156fb5e19538b
- https://git.kernel.org/stable/c/e477021d252c007f0c6d45b5d13d341efed03979
- https://git.kernel.org/stable/c/f2893c0804d86230ffb8f1c8703fdbb18648abc8
- https://git.kernel.org/stable/c/fc1ef07c3522e257e32702954f265debbcb096a7
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
