CVE-2024-26658: Vulnerability in Linux Linux

High
Published: Tue Apr 02 2024 (04/02/2024, 06:22:08 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

bcachefs: grab s_umount only if snapshotting

When I was testing mongodb over bcachefs with compression, there is a lockdep warning when snapshotting mongodb data volume.

    $ cat test.sh
    prog=bcachefs

    $prog subvolume create /mnt/data
    $prog subvolume create /mnt/data/snapshots

    while true;do
        $prog subvolume snapshot /mnt/data /mnt/data/snapshots/$(date +%s)
        sleep 1s
    done

    $ cat /etc/mongodb.conf
    systemLog:
      destination: file
      logAppend: true
      path: /mnt/data/mongod.log

    storage:
      dbPath: /mnt/data/

lockdep reports:

    [ 3437.452330] ======================================================
    [ 3437.452750] WARNING: possible circular locking dependency detected
    [ 3437.453168] 6.7.0-rc7-custom+ #85 Tainted: G E
    [ 3437.453562] ------------------------------------------------------
    [ 3437.453981] bcachefs/35533 is trying to acquire lock:
    [ 3437.454325] ffffa0a02b2b1418 (sb_writers#10){.+.+}-{0:0}, at: filename_create+0x62/0x190
    [ 3437.454875] but task is already holding lock:
    [ 3437.455268] ffffa0a02b2b10e0 (&type->s_umount_key#48){.+.+}-{3:3}, at: bch2_fs_file_ioctl+0x232/0xc90 [bcachefs]
    [ 3437.456009] which lock already depends on the new lock.
    [ 3437.456553] the existing dependency chain (in reverse order) is:
    [ 3437.457054] -> #3 (&type->s_umount_key#48){.+.+}-{3:3}:
    [ 3437.457507]        down_read+0x3e/0x170
    [ 3437.457772]        bch2_fs_file_ioctl+0x232/0xc90 [bcachefs]
    [ 3437.458206]        __x64_sys_ioctl+0x93/0xd0
    [ 3437.458498]        do_syscall_64+0x42/0xf0
    [ 3437.458779]        entry_SYSCALL_64_after_hwframe+0x6e/0x76
    [ 3437.459155] -> #2 (&c->snapshot_create_lock){++++}-{3:3}:
    [ 3437.459615]        down_read+0x3e/0x170
    [ 3437.459878]        bch2_truncate+0x82/0x110 [bcachefs]
    [ 3437.460276]        bchfs_truncate+0x254/0x3c0 [bcachefs]
    [ 3437.460686]        notify_change+0x1f1/0x4a0
    [ 3437.461283]        do_truncate+0x7f/0xd0
    [ 3437.461555]        path_openat+0xa57/0xce0
    [ 3437.461836]        do_filp_open+0xb4/0x160
    [ 3437.462116]        do_sys_openat2+0x91/0xc0
    [ 3437.462402]        __x64_sys_openat+0x53/0xa0
    [ 3437.462701]        do_syscall_64+0x42/0xf0
    [ 3437.462982]        entry_SYSCALL_64_after_hwframe+0x6e/0x76
    [ 3437.463359] -> #1 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}:
    [ 3437.463843]        down_write+0x3b/0xc0
    [ 3437.464223]        bch2_write_iter+0x5b/0xcc0 [bcachefs]
    [ 3437.464493]        vfs_write+0x21b/0x4c0
    [ 3437.464653]        ksys_write+0x69/0xf0
    [ 3437.464839]        do_syscall_64+0x42/0xf0
    [ 3437.465009]        entry_SYSCALL_64_after_hwframe+0x6e/0x76
    [ 3437.465231] -> #0 (sb_writers#10){.+.+}-{0:0}:
    [ 3437.465471]        __lock_acquire+0x1455/0x21b0
    [ 3437.465656]        lock_acquire+0xc6/0x2b0
    [ 3437.465822]        mnt_want_write+0x46/0x1a0
    [ 3437.465996]        filename_create+0x62/0x190
    [ 3437.466175]        user_path_create+0x2d/0x50
    [ 3437.466352]        bch2_fs_file_ioctl+0x2ec/0xc90 [bcachefs]
    [ 3437.466617]        __x64_sys_ioctl+0x93/0xd0
    [ 3437.466791]        do_syscall_64+0x42/0xf0
    [ 3437.466957]        entry_SYSCALL_64_after_hwframe+0x6e/0x76
    [ 3437.467180] other info that might help us debug this:
    [ 3437.469670] 2 locks held by bcachefs/35533: other info that might help us debug this:
    [ 3437.467507] Chain exists of: sb_writers#10 --> &c->snapshot_create_lock --> &type->s_umount_key#48
    [ 3437.467979] Possible unsafe locking scenario:
    [ 3437.468223]        CPU0                    CPU1
    [ 3437.468405]        ----                    ----
    [ 3437.468585]   rlock(&type->s_umount_key#48);
    [ 3437.468758]                                lock(&c->snapshot_create_lock);
    [ 3437.469030]                                lock(&type->s_umount_key#48);
    [ 3437.469291]   rlock(sb_writers#10);
    [ 3437.469434] *** DEADLOCK ***
    [ 3437.469 ---truncated---

AI-Powered Analysis

Last updated: 06/29/2025, 21:41:57 UTC

Technical Analysis

CVE-2024-26658 is a vulnerability identified in the Linux kernel specifically affecting the bcachefs filesystem module. The issue arises from an unsafe locking scenario involving the s_umount lock during snapshot operations. The vulnerability was discovered during testing of MongoDB data volumes stored on bcachefs with compression enabled, where kernel lock dependency (lockdep) warnings indicated a possible circular locking dependency and potential deadlock conditions. The problem manifests when the bcachefs filesystem attempts to grab the s_umount lock unconditionally during snapshot creation, leading to a circular lock dependency chain involving sb_writers, snapshot_create_lock, and s_umount_key locks. This can cause deadlocks in kernel space, resulting in system hangs or crashes when snapshotting operations are performed concurrently with file operations such as writes or truncates. The vulnerability is rooted in kernel-level locking logic and affects the integrity and availability of systems using bcachefs snapshots. The fix involves modifying the locking behavior to only acquire the s_umount lock if snapshotting is actually occurring, thereby breaking the circular dependency and preventing deadlocks. This vulnerability is specific to Linux kernel versions containing the affected bcachefs code and is relevant to environments using bcachefs for storage, especially where snapshotting is frequent or automated, such as database storage volumes (e.g., MongoDB). No known exploits are reported in the wild at this time, and no CVSS score has been assigned yet.

Potential Impact

For European organizations, the impact of CVE-2024-26658 can be significant in environments relying on Linux servers with bcachefs for storage, particularly those using snapshot features for backup, data versioning, or database storage. The vulnerability can cause kernel deadlocks leading to system unavailability or crashes, which may disrupt critical services and applications. This is especially impactful for enterprises running database workloads (like MongoDB) on bcachefs volumes, as automated snapshotting could trigger the deadlock. The resulting downtime could affect business continuity, data integrity during snapshot operations, and operational efficiency. While the vulnerability does not appear to allow privilege escalation or direct data leakage, the availability impact on production systems can be severe. Organizations with high reliance on Linux-based storage solutions and automated snapshot workflows are at higher risk. Given the kernel-level nature, recovery from deadlocks may require system reboots, causing service interruptions. The absence of known exploits reduces immediate risk, but the complexity of the issue and its kernel-level impact warrant prompt attention.

Mitigation Recommendations

1. Apply the official Linux kernel patches that address CVE-2024-26658 as soon as they become available from trusted sources or Linux distributions.
2. Until patches are applied, consider disabling or limiting snapshot operations on bcachefs volumes, especially automated frequent snapshots, to reduce the risk of triggering deadlocks.
3. Monitor kernel logs for lockdep warnings or deadlock symptoms related to bcachefs snapshotting to detect potential issues early.
4. For critical systems, implement redundancy and failover mechanisms to minimize downtime in case of kernel hangs.
5. Evaluate alternative filesystems or storage configurations if snapshotting on bcachefs is essential but patching is delayed.
6. Engage with Linux distribution vendors for backported fixes if using long-term support kernels.
7. Conduct thorough testing of snapshot workflows post-patch to ensure stability and absence of deadlocks.
8. Maintain updated backups independent of snapshot mechanisms to ensure data recovery capability.
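
For recommendation 3, one way to pick this specific report out of a dmesg-style kernel log, as an added example that is not part of the advisory or of the kernel project's code: it parses lockdep circular-dependency reports and flags those whose chain contains both `s_umount_key` and `snapshot_create_lock` with bcachefs frames. The function names are hypothetical, and the sample lines are abridged from the report quoted in the description.

```python
import re

# Abridged lines from the lockdep report quoted in the description above.
SAMPLE_LOG = """\
[ 3437.452750] WARNING: possible circular locking dependency detected
[ 3437.453981] bcachefs/35533 is trying to acquire lock:
[ 3437.454325] ffffa0a02b2b1418 (sb_writers#10){.+.+}-{0:0}, at: filename_create+0x62/0x190
[ 3437.454875] but task is already holding lock:
[ 3437.455268] ffffa0a02b2b10e0 (&type->s_umount_key#48){.+.+}-{3:3}, at: bch2_fs_file_ioctl+0x232/0xc90 [bcachefs]
[ 3437.457054] -> #3 (&type->s_umount_key#48){.+.+}-{3:3}:
[ 3437.457772] bch2_fs_file_ioctl+0x232/0xc90 [bcachefs]
[ 3437.459155] -> #2 (&c->snapshot_create_lock){++++}-{3:3}:
[ 3437.459878] bch2_truncate+0x82/0x110 [bcachefs]
[ 3437.463359] -> #1 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}:
[ 3437.465231] -> #0 (sb_writers#10){.+.+}-{0:0}:
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")        # dmesg timestamp prefix
LOCK = re.compile(r"^[0-9a-f]{8,} \((.+?)\)\{")   # "<addr> (lock){...}, at: ..."
ENTRY = re.compile(r"^-> #\d+ \((.+?)\)\{")       # "-> #N (lock){...}:"
MODULE = re.compile(r"\[(\w+)\]$")                # trailing "[module]" on a frame

def parse_reports(log_text):
    """Return one dict per circular-locking-dependency report in a kernel log."""
    reports, cur, expect = [], None, None
    for raw in log_text.splitlines():
        line = STAMP.sub("", raw).strip()
        if "possible circular locking dependency detected" in line:
            cur = {"wants": None, "holds": None, "chain": [], "modules": set()}
            reports.append(cur)
        elif cur is None:
            continue
        elif line.endswith("is trying to acquire lock:"):
            expect = "wants"
        elif line.endswith("already holding lock:"):
            expect = "holds"
        elif expect and (m := LOCK.match(line)):
            cur[expect], expect = m.group(1), None
        elif m := ENTRY.match(line):
            cur["chain"].append(m.group(1))
        if m := MODULE.search(line):
            cur["modules"].add(m.group(1))
    return reports

def is_bcachefs_snapshot_cycle(report):
    """True for the s_umount / snapshot_create_lock cycle through bcachefs frames."""
    chain = " ".join(report["chain"])
    return ("bcachefs" in report["modules"] and "s_umount_key" in chain
            and "snapshot_create_lock" in chain)
```

These reports are only emitted by kernels built with lockdep (`CONFIG_PROVE_LOCKING`), which production kernels usually leave off, so a clean log on such a kernel says nothing about exposure; hung-task messages and the patch level remain the signals there.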

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-02-19T14:20:24.147Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982bc4522896dcbe42bb

Added to database: 5/21/2025, 9:08:59 AM

Last enriched: 6/29/2025, 9:41:57 PM

Last updated: 8/16/2025, 3:55:19 AM
