CVE-2024-26704: Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved:

ext4: fix double-free of blocks due to wrong extents moved_len

In ext4_move_extents(), moved_len is only updated when all moves are successfully executed, and only discards orig_inode and donor_inode preallocations when moved_len is not zero. When the loop fails to exit after successfully moving some extents, moved_len is not updated and remains at 0, so it does not discard the preallocations.

If the moved extents overlap with the preallocated extents, the overlapped extents are freed twice in ext4_mb_release_inode_pa() and ext4_process_freed_data() (as described in commit 94d7c16cbbbd ("ext4: Fix double-free of blocks with EXT4_IOC_MOVE_EXT")), and bb_free is incremented twice. Hence when trim is executed, a zero-division bug is triggered in mb_update_avg_fragment_size() because bb_free is not zero and bb_fragments is zero.

Therefore, update moved_len after each extent move to avoid the issue.
AI Analysis
Technical Summary
CVE-2024-26704 is a vulnerability identified in the Linux kernel's ext4 filesystem implementation, specifically within the ext4_move_extents() function. The flaw arises from improper handling of the moved_len variable, which tracks the number of successfully moved extents during a block move operation. In the vulnerable code, moved_len is only updated after all extents are moved successfully. However, if the loop exits prematurely after moving some extents, moved_len remains zero. This causes the function to incorrectly retain preallocations for orig_inode and donor_inode. When the moved extents overlap with these preallocated extents, a double-free condition occurs in ext4_mb_release_inode_pa() and ext4_process_freed_data(), leading to bb_free being incremented twice for the same blocks. This inconsistency triggers a zero-division error in mb_update_avg_fragment_size() during a trim operation because bb_free is non-zero while bb_fragments is zero. The root cause is the failure to update moved_len incrementally after each extent move, which results in improper memory management and potential kernel instability. The vulnerability can cause kernel crashes or denial of service due to the zero-division error and memory corruption from double-free. The fix involves updating moved_len after each extent move to ensure correct resource accounting and prevent double-free scenarios. This vulnerability affects Linux kernel versions containing the specified commit hashes prior to the fix and is relevant to systems using the ext4 filesystem with move extents operations. There are no known exploits in the wild at the time of publication, and no CVSS score has been assigned yet.
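The following C program is an added, constructed model of the accounting described above; it is not kernel code. It simulates one block group with an on-disk bitmap, a buddy bitmap and a bb_free counter, assumes (as the commit text implies) that the move swaps blocks into the donor inode which frees them later, and shows how a moved_len left at zero after a partial move keeps orig's preallocation alive so the same blocks are freed twice, while the per-move update does not. Block numbers and the two-move scenario are invented for illustration.

```c
/* Toy model of the CVE-2024-26704 accounting bug; constructed example, not kernel code. */
#define NBLOCKS 16
static int disk[NBLOCKS];   /* on-disk block bitmap: 1 = allocated */
static int buddy[NBLOCKS];  /* in-memory buddy bitmap: 1 = allocated */
static int bb_free;         /* group free-block count kept by the buddy */
static int double_frees;    /* blocks freed in the buddy while already free there */
static void mb_free(int blk)                /* models the buddy-side free (mb_free_blocks) */
{
    if (!buddy[blk])
        double_frees++;                     /* the double free the advisory describes */
    buddy[blk] = 0;
    bb_free++;
}
static void free_blocks(int start, int len) /* models ext4_free_blocks() + ext4_process_freed_data() */
{
    for (int b = start; b < start + len; b++) {
        disk[b] = 0;
        mb_free(b);
    }
}
static void release_inode_pa(int start, int len) /* models ext4_mb_release_inode_pa() */
{
    for (int b = start; b < start + len; b++)
        if (!disk[b])                       /* every clear disk bit inside the PA is freed */
            mb_free(b);
}
int group_free_count(void) { return bb_free; }
/* Returns the number of double-freed blocks; fixed=1 applies the per-move moved_len update. */
int simulate_move_extents(int fixed)
{
    int moved_len = 0, done = 0, pa_live = 1;
    bb_free = double_frees = 0;
    /* orig holds blocks 0..7, donor 12..15; orig's PA spans 4..11, with 8..11 reserved but unused */
    for (int b = 0; b < NBLOCKS; b++) { disk[b] = (b < 8 || b >= 12); buddy[b] = 1; }
    for (int i = 0; i < 2; i++) {           /* move 1: orig blocks 4..7; move 2: blocks 0..3 */
        if (i == 1)
            goto out;                       /* second move fails, as in the bug's trigger */
        done += 4;                          /* swap succeeded: 4..7 now belong to donor */
        if (fixed)
            moved_len = done;               /* fix: account for each completed move */
    }
    moved_len = done;                       /* vulnerable: only reached when every move succeeds */
out:
    if (moved_len) { release_inode_pa(4, 8); pa_live = 0; } /* discard orig's preallocations */
    free_blocks(4, 4);                      /* donor later frees the blocks it received */
    if (pa_live)
        release_inode_pa(4, 8);             /* orig's PA released at eviction frees 4..7 again */
    return double_frees;
}
```

In the vulnerable run bb_free ends at 12 for a group that has only 8 free blocks, which is the over-count that later feeds the bb_free/bb_fragments inconsistency the advisory describes.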
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running Linux with ext4 filesystems, which are widely used in servers, cloud infrastructure, and enterprise environments. Exploitation could lead to kernel crashes resulting in denial of service, potentially disrupting critical services and operations. In environments with high availability requirements, such as financial institutions, healthcare providers, and government agencies, unexpected downtime could have significant operational and reputational impacts. Although no remote code execution or privilege escalation is directly indicated, the instability caused by double-free and zero-division errors could be leveraged by attackers to cause persistent service outages or to facilitate further attacks by destabilizing systems. Organizations relying on Linux-based storage solutions or virtualized environments using ext4 should be particularly vigilant. The absence of known exploits suggests a window for proactive patching before active exploitation occurs, which is critical to maintaining system integrity and availability.
Mitigation Recommendations
European organizations should prioritize applying the official Linux kernel patches that address this vulnerability by correctly updating moved_len after each extent move. System administrators should:
1) Identify all Linux systems using ext4 filesystems, especially those performing frequent extent move operations (e.g., during filesystem maintenance or defragmentation).
2) Update Linux kernels to the latest stable versions containing the fix for CVE-2024-26704.
3) Test patches in staging environments to ensure compatibility and stability before deployment in production.
4) Monitor kernel logs and system behavior for signs of ext4-related errors or crashes that could indicate exploitation attempts.
5) Implement robust backup and recovery procedures to mitigate potential data loss from filesystem corruption.
6) Limit access to systems with ext4 filesystems to trusted administrators to reduce the risk of exploitation through local access.
7) Consider using filesystem integrity monitoring tools to detect anomalies in ext4 metadata and block allocation.
These targeted actions go beyond generic advice by focusing on the specific ext4 move extents operation and the kernel versions affected.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-19T14:20:24.158Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d982ac4522896dcbe3895
Added to database: 5/21/2025, 9:08:58 AM
Last enriched: 6/29/2025, 5:40:20 PM
Last updated: 7/27/2025, 7:32:38 AM