CVE-2024-57940
📋 TL;DR
A denial-of-service vulnerability in the Linux kernel's exFAT filesystem driver where a corrupted filesystem with a self-referencing cluster chain causes an infinite loop in directory reading. This affects any Linux system using the exFAT filesystem driver. The infinite loop causes system hangs by preventing lock release.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Complete system hang requiring hard reboot, with potential data loss or corruption from interrupted operations.
Likely Case
Local denial-of-service affecting filesystem operations on corrupted exFAT volumes, causing system instability.
If Mitigated
Limited impact to specific corrupted filesystem mounts with no privilege escalation or data exfiltration.
🎯 Exploit Status
Requires ability to create or access corrupted exFAT filesystem. No known public exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 28c21f0ac5293a4bf19b3e0e32005d6dd31a6c17 or later
Vendor Advisory: https://git.kernel.org/stable/c/28c21f0ac5293a4bf19b3e0e32005d6dd31a6c17
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Reboot system. 3. Verify kernel version with 'uname -r'.
🔧 Temporary Workarounds
Avoid exFAT mounting
linuxPrevent mounting of untrusted exFAT filesystems
# Remove exFAT module: rmmod exfat
# Blacklist exFAT: echo 'blacklist exfat' > /etc/modprobe.d/blacklist-exfat.conf
🧯 If You Can't Patch
- Restrict filesystem mounting to trusted sources only
- Implement monitoring for system hangs related to filesystem operations
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if exFAT module is loaded: 'lsmod | grep exfat' and 'uname -r'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is patched and test with known corrupted exFAT volume📡 Detection & Monitoring
Log Indicators:
- System hangs during filesystem operations
- Kernel lock warnings
- High CPU usage by kernel threads
Network Indicators:
- None - local filesystem vulnerability
SIEM Query:
Search for: 'kernel: exfat_readdir' OR 'system hang' OR 'lock contention'🔗 References
- https://git.kernel.org/stable/c/28c21f0ac5293a4bf19b3e0e32005d6dd31a6c17
- https://git.kernel.org/stable/c/31beabd0f47f8c3ed9965ba861c9e5b252d4920a
- https://git.kernel.org/stable/c/d8cfbb8723bd3d3222f360227a1cc15227189ca6
- https://git.kernel.org/stable/c/d9ea94f5cd117d56e573696d0045ab3044185a15
- https://git.kernel.org/stable/c/dc1d7afceb982e8f666e70a582e6b5aa806de063
- https://git.kernel.org/stable/c/fee873761bd978d077d8c55334b4966ac4cb7b59
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
