
CVE-2024-37078: Vulnerability in Linux Linux

High
Published: Tue Jun 25 2024 (06/25/2024, 14:22:35 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix potential kernel bug due to lack of writeback flag waiting

Destructive writes to a block device on which nilfs2 is mounted can cause a kernel bug in the folio/page writeback start routine or writeback end routine (__folio_start_writeback in the log below):

    kernel BUG at mm/page-writeback.c:3070!
    Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
    ...
    RIP: 0010:__folio_start_writeback+0xbaa/0x10e0
    Code: 25 ff 0f 00 00 0f 84 18 01 00 00 e8 40 ca c6 ff e9 17 f6 ff ff e8 36 ca c6 ff 4c 89 f7 48 c7 c6 80 c0 12 84 e8 e7 b3 0f 00 90 <0f> 0b e8 1f ca c6 ff 4c 89 f7 48 c7 c6 a0 c6 12 84 e8 d0 b3 0f 00
    ...
    Call Trace:
     <TASK>
     nilfs_segctor_do_construct+0x4654/0x69d0 [nilfs2]
     nilfs_segctor_construct+0x181/0x6b0 [nilfs2]
     nilfs_segctor_thread+0x548/0x11c0 [nilfs2]
     kthread+0x2f0/0x390
     ret_from_fork+0x4b/0x80
     ret_from_fork_asm+0x1a/0x30
     </TASK>

This is because when the log writer starts a writeback for segment summary blocks or a super root block that use the backing device's page cache, it does not wait for the ongoing folio/page writeback, resulting in an inconsistent writeback state.

Fix this issue by waiting for ongoing writebacks when putting folios/pages on the backing device into writeback state.

AI-Powered Analysis

Last updated: 06/29/2025, 10:56:33 UTC

Technical Analysis

CVE-2024-37078 is a vulnerability in the Linux kernel's NILFS2 (New Implementation of a Log-structured File System version 2) module. The issue arises from improper handling of the writeback flag during block device write operations. Specifically, when destructive writes occur on a block device where NILFS2 is mounted, the NILFS2 log writer does not wait for ongoing folio/page writebacks to complete before starting writeback for segment summary blocks or super root blocks that use the backing device's page cache. The kernel's folio/page writeback routines (__folio_start_writeback and related functions) then see an inconsistent writeback state and trigger a kernel bug, causing a kernel panic or oops.

The kernel bug manifests as an invalid opcode exception and a crash in the kernel memory management subsystem, as shown by the kernel oops trace in the description. The fix modifies the NILFS2 code to wait for ongoing writebacks before marking folios/pages on the backing device as under writeback, which keeps the writeback state consistent and prevents the kernel bug.

This vulnerability affects Linux kernel versions identified by the commit hash 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453 and likely other versions containing the same code path. No known exploits are reported in the wild at this time, and no CVSS score has been assigned yet.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running Linux with NILFS2 file systems mounted on block devices. The impact includes potential system instability, unexpected kernel panics, and denial of service conditions due to kernel crashes. This can disrupt critical services, especially in environments relying on Linux servers for infrastructure, cloud services, or embedded systems using NILFS2. While the vulnerability does not appear to allow privilege escalation or remote code execution directly, the resulting denial of service can affect availability and operational continuity. Organizations in sectors such as telecommunications, finance, manufacturing, and public services that deploy Linux-based systems with NILFS2 could face service interruptions. Additionally, the kernel crash could lead to data corruption or loss if writeback operations are interrupted improperly. Given the kernel-level nature of the bug, recovery may require system reboots and could complicate incident response. The lack of known exploits reduces immediate risk, but the vulnerability should be addressed promptly to avoid potential exploitation or accidental triggering.

Mitigation Recommendations

1. Apply the official Linux kernel patch that addresses CVE-2024-37078 as soon as it becomes available from trusted sources or Linux distribution vendors.
2. Review and audit systems to identify any usage of NILFS2 file systems, especially on critical servers or infrastructure devices.
3. Where possible, consider migrating data from NILFS2 to more commonly used and actively maintained file systems (e.g., ext4, XFS) until patches are applied.
4. Implement robust monitoring for kernel oops or panic events to detect early signs of this vulnerability being triggered.
5. Ensure that system backups are current and tested to mitigate data loss risks from unexpected crashes.
6. Limit access to systems running NILFS2 to trusted users and networks to reduce accidental or malicious triggering of destructive writes.
7. Coordinate with Linux distribution maintainers or vendors to receive timely updates and security advisories related to this vulnerability.
8. For embedded or specialized devices using NILFS2, consult with vendors for firmware or kernel updates addressing this issue.
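Recommendations 2 and 4 can be checked with a short script. The following is an added example, not part of the original advisory: it lists nilfs2 mounts from /proc/mounts-style text and flags kernel log excerpts in which a BUG in mm/page-writeback.c is followed by nilfs2 frames, as in the trace quoted in the description. The sample inputs, timestamps and function names are constructed for illustration.

```python
import re

# Constructed sample inputs (not from a real host): /proc/mounts-style text and
# a dmesg excerpt shaped like the oops quoted in the CVE description.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /srv/archive nilfs2 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
"""
SAMPLE_DMESG = """\
[  512.330114] kernel BUG at mm/page-writeback.c:3070!
[  512.330201] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
[  512.330377] RIP: 0010:__folio_start_writeback+0xbaa/0x10e0
[  512.330502] Call Trace:
[  512.330519]  <TASK>
[  512.330544]  nilfs_segctor_do_construct+0x4654/0x69d0 [nilfs2]
[  512.330590]  nilfs_segctor_construct+0x181/0x6b0 [nilfs2]
[  512.330641]  </TASK>
[  900.000000] kernel BUG at mm/slub.c:100!
[  900.000100] Call Trace:
"""

# The line number after page-writeback.c differs between kernel builds.
BUG_RE = re.compile(r"kernel BUG at (mm/page-writeback\.c:\d+)!")
ANY_BUG_RE = re.compile(r"kernel BUG at ")
FRAME_RE = re.compile(r"\b(nilfs_\w+)\+0x[0-9a-f]+/0x[0-9a-f]+ \[nilfs2\]")

def nilfs2_mounts(mounts_text):
    """Return (device, mountpoint) for every nilfs2 entry in /proc/mounts text."""
    rows = (line.split() for line in mounts_text.splitlines())
    return [(f[0], f[1]) for f in rows if len(f) >= 3 and f[2] == "nilfs2"]

def find_writeback_oops(log_text):
    """Return one dict per page-writeback BUG whose trace has nilfs2 frames."""
    hits, cur = [], None
    for line in log_text.splitlines():
        if ANY_BUG_RE.search(line):            # a new BUG report starts here
            m = BUG_RE.search(line)
            cur = {"site": m.group(1), "frames": []} if m else None
            if cur is not None:
                hits.append(cur)
        elif cur is not None:                  # collect frames for this report
            cur["frames"] += FRAME_RE.findall(line)
    return [h for h in hits if h["frames"]]

if __name__ == "__main__":
    print(nilfs2_mounts(SAMPLE_MOUNTS), find_writeback_oops(SAMPLE_DMESG))
```

On a live host, pass the contents of /proc/mounts and the kernel log to the same two functions in place of the samples.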


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-06-24T13:54:11.068Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9829c4522896dcbe289d

Added to database: 5/21/2025, 9:08:57 AM

Last enriched: 6/29/2025, 10:56:33 AM

Last updated: 8/18/2025, 7:43:51 AM
