Login Sign Up

CVE-2024-57942

5.5 MEDIUM

📋 TL;DR

A race condition in the Linux kernel's netfs subsystem causes a hang when writing to Ceph filesystems with fsc (filesystem caching) enabled. This affects Linux systems using Ceph storage with cachefilesd enabled, potentially causing denial of service during write operations.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions containing the vulnerable netfs code (specific versions not specified in CVE)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when using Ceph filesystem with '-o fsc' mount option and cachefilesd service running.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

System hangs during write operations to Ceph filesystems, requiring reboot to restore functionality.

🟠

Likely Case

Intermittent hangs during file writes to Ceph storage, causing application timeouts and degraded performance.

🟢

If Mitigated

No impact if Ceph fsc feature is disabled or cachefilesd is not running.

🌐 Internet-Facing: LOW - Requires local filesystem access and specific Ceph configuration.
🏢 Internal Only: MEDIUM - Affects systems using Ceph storage with caching enabled, potentially disrupting internal services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to write to Ceph filesystem with specific configuration. More of a reliability bug than security vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel commits 38cf8e945721ffe708fa675507465da7f4f2a9f7 and 43b8d3249b0b71bad239d42dbe08ce6c938ba000

Vendor Advisory: https://git.kernel.org/stable/c/38cf8e945721ffe708fa675507465da7f4f2a9f7

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix. 2. Check with your distribution for backported patches. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable Ceph fsc caching

linux

Mount Ceph filesystem without the fsc option to avoid the vulnerable code path

mount -t ceph <server>:/ <mountpoint> -o name=<user>,secret=<key>

Stop cachefilesd service

linux

Disable the cachefiles daemon to prevent cache operations

systemctl stop cachefilesd
systemctl disable cachefilesd

🧯 If You Can't Patch

  • Monitor systems for hangs during Ceph write operations and have reboot procedures ready
  • Implement application-level retry logic for file operations to Ceph storage

🔍 How to Verify

Check if Vulnerable:

Check if Ceph is mounted with fsc: 'mount | grep ceph | grep fsc' and if cachefilesd is running: 'systemctl status cachefilesd'

Check Version:

uname -r

Verify Fix Applied:

Check kernel version contains fix commits: 'uname -r' and verify with distribution patch notes

📡 Detection & Monitoring

Log Indicators:

  • Kernel hangs or stalls in dmesg
  • Application timeouts when writing to Ceph filesystems
  • Cachefilesd service errors

Network Indicators:

  • Increased latency to Ceph storage cluster
  • Timeout errors from applications using Ceph

SIEM Query:

source="kernel" AND ("hang" OR "stall") AND "ceph" OR source="cachefilesd" AND error

📊 Metadata

CVE ID: CVE-2024-57942
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score: 0.04% exploit probability (10.9th percentile)
Published: January 21, 2025
Last Updated: October 15, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON