CVE-2024-40952: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty()

bdev->bd_super has been removed and commit 8887b94d9322 changed the usage from bdev->bd_super to b_assoc_map->host->i_sb. This introduces the following NULL pointer dereference in ocfs2_journal_dirty() since b_assoc_map is still not initialized. This can be easily reproduced by running xfstests generic/186, which simulates no more credits.

[ 134.351592] BUG: kernel NULL pointer dereference, address: 0000000000000000
...
[ 134.355341] RIP: 0010:ocfs2_journal_dirty+0x14f/0x160 [ocfs2]
...
[ 134.365071] Call Trace:
[ 134.365312] <TASK>
[ 134.365524] ? __die_body+0x1e/0x60
[ 134.365868] ? page_fault_oops+0x13d/0x4f0
[ 134.366265] ? __pfx_bit_wait_io+0x10/0x10
[ 134.366659] ? schedule+0x27/0xb0
[ 134.366981] ? exc_page_fault+0x6a/0x140
[ 134.367356] ? asm_exc_page_fault+0x26/0x30
[ 134.367762] ? ocfs2_journal_dirty+0x14f/0x160 [ocfs2]
[ 134.368305] ? ocfs2_journal_dirty+0x13d/0x160 [ocfs2]
[ 134.368837] ocfs2_create_new_meta_bhs.isra.51+0x139/0x2e0 [ocfs2]
[ 134.369454] ocfs2_grow_tree+0x688/0x8a0 [ocfs2]
[ 134.369927] ocfs2_split_and_insert.isra.67+0x35c/0x4a0 [ocfs2]
[ 134.370521] ocfs2_split_extent+0x314/0x4d0 [ocfs2]
[ 134.371019] ocfs2_change_extent_flag+0x174/0x410 [ocfs2]
[ 134.371566] ocfs2_add_refcount_flag+0x3fa/0x630 [ocfs2]
[ 134.372117] ocfs2_reflink_remap_extent+0x21b/0x4c0 [ocfs2]
[ 134.372994] ? inode_update_timestamps+0x4a/0x120
[ 134.373692] ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ocfs2]
[ 134.374545] ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ocfs2]
[ 134.375393] ocfs2_reflink_remap_blocks+0xe4/0x4e0 [ocfs2]
[ 134.376197] ocfs2_remap_file_range+0x1de/0x390 [ocfs2]
[ 134.376971] ? security_file_permission+0x29/0x50
[ 134.377644] vfs_clone_file_range+0xfe/0x320
[ 134.378268] ioctl_file_clone+0x45/0xa0
[ 134.378853] do_vfs_ioctl+0x457/0x990
[ 134.379422] __x64_sys_ioctl+0x6e/0xd0
[ 134.379987] do_syscall_64+0x5d/0x170
[ 134.380550] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 134.381231] RIP: 0033:0x7fa4926397cb
[ 134.381786] Code: 73 01 c3 48 8b 0d bd 56 38 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8d 56 38 00 f7 d8 64 89 01 48
[ 134.383930] RSP: 002b:00007ffc2b39f7b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 134.384854] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa4926397cb
[ 134.385734] RDX: 00007ffc2b39f7f0 RSI: 000000004020940d RDI: 0000000000000003
[ 134.386606] RBP: 0000000000000000 R08: 00111a82a4f015bb R09: 00007fa494221000
[ 134.387476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 134.388342] R13: 0000000000f10000 R14: 0000558e844e2ac8 R15: 0000000000f10000
[ 134.389207] </TASK>

Fix it by only aborting transaction and journal in ocfs2_journal_dirty() now, and leave ocfs2_abort() for later, when an aborted handle is detected, e.g. when starting the next transaction. Also log the handle details in this case.
AI Analysis
Technical Summary
CVE-2024-40952 is a NULL pointer dereference in the Linux kernel's OCFS2 (Oracle Cluster File System version 2) driver, in ocfs2_journal_dirty(). The kernel removed bdev->bd_super, and commit 8887b94d9322 replaced OCFS2's use of it with bh->b_assoc_map->host->i_sb to locate the superblock on the error path of ocfs2_journal_dirty(), where the function called ocfs2_abort() after jbd2_journal_dirty_metadata() failed. A freshly allocated metadata buffer (ocfs2_create_new_meta_bhs() in the trace) has not had b_assoc_map set yet, so that error path dereferences NULL. The error path is reached when the running jbd2 handle has no credits left; xfstests generic/186 simulates exactly that and reproduces the oops reliably. The trace shows the fault at address 0 with RIP in ocfs2_journal_dirty+0x14f, entered from user space through ioctl_file_clone() → vfs_clone_file_range() → ocfs2_remap_file_range(), i.e. a reflink of a file on an OCFS2 volume (ORIG_RAX 0x10 is the ioctl syscall on x86-64 and RSI 0x4020940d is the FICLONERANGE request). The result is a kernel oops that kills the calling task; with kernel.panic_on_oops set, as is common on cluster nodes, the whole node panics. The fix changes the error path of ocfs2_journal_dirty() so that it only aborts the jbd2 handle and the journal and logs the handle's details; the filesystem-level ocfs2_abort(), which needs the superblock, is left to code that already has it, such as the next ocfs2_start_trans() detecting the aborted journal. The buffer's b_assoc_map is therefore never consulted on that path. Affected kernels are those that contain commit 8887b94d9322 and lack the fix. No exploitation in the wild is reported. The crash site is reachable from an unprivileged ioctl by any local process that can open a file for writing on an OCFS2 mount, but triggering it also requires the transaction to run out of journal credits, a condition the test suite simulates by fault injection; the advisory does not establish that an unprivileged user can force it on a production node. The practical impact is denial of service on nodes that use OCFS2, a shared-disk cluster filesystem used in enterprise environments such as database clusters and high-availability setups.
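The failure path and the fix, as an added example that is neither kernel code nor taken from the ocfs2 patch: a user-space C model in which the struct and function names mirror the kernel's, but the layouts, the credit accounting, the logged handle fields (line, requested credits) and ocfs2_start_trans() are simplified assumptions, chosen only so that the pre-fix and fixed error paths can be run side by side on the same freshly created buffer.

```c
#include <stdio.h>
#define ENOSPC 28   /* errno values as numbered on Linux */
#define EROFS  30

/* Assumed, minimal stand-ins for the kernel structures; only the fields the crash and the fix touch are modelled. */
struct super_block   { const char *name; int aborted; };
struct inode         { struct super_block *i_sb; };
struct address_space { struct inode *host; };
struct buffer_head   { struct address_space *b_assoc_map; int dirty; };
struct journal       { int aborted; int errcode; };
struct handle {
    struct journal *journal;
    int aborted;            /* what is_handle_aborted() reports */
    int credits;            /* credits left; 0 models "no more credits" */
    int requested, line;    /* assumed fields, used only in the log line */
};

/* Model of jbd2_journal_dirty_metadata(): no credits left means the buffer cannot be dirtied (generic/186's condition). */
static int jbd2_journal_dirty_metadata(struct handle *h, struct buffer_head *bh)
{
    if (h->aborted)      return -EROFS;
    if (h->credits <= 0) return -ENOSPC;
    h->credits--;
    bh->dirty = 1;
    return 0;
}

static void jbd2_journal_abort_handle(struct handle *h) { h->aborted = 1; }
static void jbd2_journal_abort(struct journal *j, int err) { j->aborted = 1; j->errcode = err; }

static void ocfs2_abort(struct super_block *sb, const char *why)   /* needs a valid superblock */
{
    sb->aborted = 1;
    fprintf(stderr, "ocfs2_abort(%s): %s\n", sb->name, why);
}

/* Pre-fix shape: the error path finds the superblock via bh->b_assoc_map->host->i_sb. A buffer fresh from
 * ocfs2_create_new_meta_bhs() has no b_assoc_map yet, so the kernel faults; the model records that in *faulted. */
static int ocfs2_journal_dirty_before(struct handle *h, struct buffer_head *bh, int *faulted)
{
    int status = jbd2_journal_dirty_metadata(h, bh);
    *faulted = 0;
    if (status && !h->aborted) {
        jbd2_journal_abort_handle(h);
        jbd2_journal_abort(h->journal, status);
        if (bh->b_assoc_map == NULL) { *faulted = 1; return status; }  /* the CVE-2024-40952 condition */
        ocfs2_abort(bh->b_assoc_map->host->i_sb, "Journal already aborted.");
    }
    return status;
}

/* Fixed shape: abort only the handle and the journal, log the handle details, never read the buffer's association. */
static int ocfs2_journal_dirty_after(struct handle *h, struct buffer_head *bh)
{
    int status = jbd2_journal_dirty_metadata(h, bh);
    if (status && !h->aborted) {
        fprintf(stderr, "jbd2_journal_dirty_metadata failed: started at line %d, "
                "credits %d/%d errcode %d. Aborting transaction and journal.\n",
                h->line, h->requested, h->credits, status);
        jbd2_journal_abort_handle(h);
        jbd2_journal_abort(h->journal, status);
    }
    return status;
}

/* Deferred half of the fix: the next transaction start has the filesystem's own superblock, so it acts on the abort. */
static int ocfs2_start_trans(struct super_block *sb, struct journal *j)
{
    if (!j->aborted) return 0;
    ocfs2_abort(sb, "Detected aborted journal");
    return -EROFS;
}

/* generic/186 scenario: a new metadata buffer (b_assoc_map == NULL) dirtied on a handle with no credits left.
 * Returns 1 when the pre-fix path would have faulted and the fixed path aborted cleanly, deferring ocfs2_abort(). */
int run_scenario(void)
{
    struct super_block sb = { "ocfs2-model", 0 };
    struct buffer_head new_bh = { NULL, 0 };           /* fresh meta bh, no mapping yet */
    struct journal j1 = { 0, 0 }, j2 = { 0, 0 };
    struct handle h1 = { &j1, 0, 0, 4, 1234 }, h2 = { &j2, 0, 0, 4, 1234 };  /* 0 credits left */
    int faulted, rc1, rc2, sb_untouched, rc3;

    rc1 = ocfs2_journal_dirty_before(&h1, &new_bh, &faulted);
    rc2 = ocfs2_journal_dirty_after(&h2, &new_bh);
    sb_untouched = (sb.aborted == 0);      /* nothing has touched the superblock so far */
    rc3 = ocfs2_start_trans(&sb, &j2);     /* the deferred ocfs2_abort() fires here */
    return rc1 == -ENOSPC && faulted == 1 && rc2 == -ENOSPC && h2.aborted
        && j2.errcode == -ENOSPC && sb_untouched && rc3 == -EROFS && sb.aborted == 1;
}

/* Control case: with a credit available the NULL b_assoc_map is never read, so the bug only shows on the error path. */
int clean_handle_dirties_ok(void)
{
    struct journal j = { 0, 0 };
    struct handle h = { &j, 0, 1, 1, 1 };
    struct buffer_head bh = { NULL, 0 };
    return ocfs2_journal_dirty_after(&h, &bh) == 0 && bh.dirty == 1 && !j.aborted;
}
```

The point the model makes is that both variants see the same NULL b_assoc_map; only the pre-fix error path reads through it. The fixed path needs nothing from the buffer beyond what jbd2 already used, and the superblock-level abort moves to a caller that owns the superblock, which is why it can safely run later.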
Potential Impact
For European organizations, the impact of CVE-2024-40952 is confined to availability. Linux servers that mount OCFS2 volumes for clustered storage, a setup found in enterprise data centres, hosting providers and critical infrastructure, can suffer a kernel oops or, with panic_on_oops, a full node panic, and the node then has to be fenced and recovered by the rest of the cluster. Industries that run high-availability clusters on OCFS2, such as finance, telecommunications, manufacturing and the public sector, would see the affected node's services fail over or stop, and shared data become unavailable for the duration of recovery. Nothing in the advisory points to data corruption or a confidentiality impact: the filesystem journal is designed to keep on-disk state consistent across a crash, although the reflink in flight is lost. The crash path begins with an ordinary file-clone ioctl from user space, so no special privilege is needed to reach it, but it only fires when the journal transaction has run out of credits, a condition the advisory shows being simulated by a test suite rather than forced by an attacker; the realistic risk is therefore a crash triggered by normal reflink workloads or by testing on an unpatched kernel, with deliberate local denial of service as the less likely case. Organizations with strict uptime commitments and operators of critical infrastructure should schedule the fix with their next kernel update rather than treat it as an emergency, unless OCFS2 nodes are shared with untrusted local users.
Mitigation Recommendations
To mitigate CVE-2024-40952, European organizations should:
1) Apply the kernel update that carries the fix for the ocfs2_journal_dirty() NULL pointer dereference, from the distribution vendor or the upstream stable tree. First establish exposure: a node is only affected if the ocfs2 module is loaded or an OCFS2 volume is mounted (lsmod | grep -w ocfs2 and findmnt -t ocfs2), and the fix is in place once the distribution changelog or the upstream stable history for the running version lists it.
2) On nodes that do not need OCFS2, keep the module from loading at all (an "install ocfs2 /bin/false" line in a file under /etc/modprobe.d/ blocks every load, whereas "blacklist ocfs2" only blocks automatic loading). For cluster nodes that depend on OCFS2, moving the data to another filesystem is an outage-level change, so plan it only if patching is blocked for a long period.
3) Test the patched kernel in a staging cluster that mirrors the production storage layout. xfstests generic/186 on an OCFS2 test mount reproduces the crash on an unpatched kernel, so it doubles as a regression check for the patched one.
4) Monitor kernel logs (dmesg, journalctl -k) for the crash signature from the advisory: "BUG: kernel NULL pointer dereference, address: 0000000000000000" with "RIP: ... ocfs2_journal_dirty" and a call trace through ocfs2_remap_file_range() and ioctl_file_clone(). On a patched kernel the same underlying condition is reported instead as an OCFS2 error line saying jbd2_journal_dirty_metadata failed and the transaction and journal are being aborted; that no longer means a crash, but it does mean the journal has been aborted and the filesystem will be taken down by ocfs2_abort() on the next transaction (with the default errors= policy, remounted read-only), so alert on it as well.
5) Limit who can reach the crash path. It starts with a file-clone ioctl (FICLONE or FICLONERANGE, as the trace shows) on a file the caller can open for writing on an OCFS2 mount, so keep untrusted local accounts and containers off nodes that mount OCFS2 and do not expose OCFS2 mounts to untrusted workloads.
6) Keep current backups of the clustered data. The journal protects on-disk consistency across an oops, but the operation in flight is lost and the node needs cluster recovery before it serves again.
7) Subscribe to the distribution's security advisories and to the kernel CVE announcements (linux-cve-announce) so that follow-up fixes in the same code area are picked up.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-07-12T12:17:45.592Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Added to database: 5/21/2025, 9:08:55 AM
Last enriched: 6/29/2025, 2:40:50 AM
Last updated: 8/17/2025, 4:19:13 PM