
CVE-2024-42115: Vulnerability in the Linux kernel (JFFS2)

High
Published: Tue Jul 30 2024 (07/30/2024, 07:46:08 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

jffs2: Fix potential illegal address access in jffs2_free_inode

During the stress testing of the jffs2 file system, the following abnormal printouts were found:

[ 2430.649000] Unable to handle kernel paging request at virtual address 0069696969696948
[ 2430.649622] Mem abort info:
[ 2430.649829]   ESR = 0x96000004
[ 2430.650115]   EC = 0x25: DABT (current EL), IL = 32 bits
[ 2430.650564]   SET = 0, FnV = 0
[ 2430.650795]   EA = 0, S1PTW = 0
[ 2430.651032]   FSC = 0x04: level 0 translation fault
[ 2430.651446] Data abort info:
[ 2430.651683]   ISV = 0, ISS = 0x00000004
[ 2430.652001]   CM = 0, WnR = 0
[ 2430.652558] [0069696969696948] address between user and kernel address ranges
[ 2430.653265] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[ 2430.654512] CPU: 2 PID: 20919 Comm: cat Not tainted 5.15.25-g512f31242bf6 #33
[ 2430.655008] Hardware name: linux,dummy-virt (DT)
[ 2430.655517] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 2430.656142] pc : kfree+0x78/0x348
[ 2430.656630] lr : jffs2_free_inode+0x24/0x48
[ 2430.657051] sp : ffff800009eebd10
[ 2430.657355] x29: ffff800009eebd10 x28: 0000000000000001 x27: 0000000000000000
[ 2430.658327] x26: ffff000038f09d80 x25: 0080000000000000 x24: ffff800009d38000
[ 2430.658919] x23: 5a5a5a5a5a5a5a5a x22: ffff000038f09d80 x21: ffff8000084f0d14
[ 2430.659434] x20: ffff0000bf9a6ac0 x19: 0169696969696940 x18: 0000000000000000
[ 2430.659969] x17: ffff8000b6506000 x16: ffff800009eec000 x15: 0000000000004000
[ 2430.660637] x14: 0000000000000000 x13: 00000001000820a1 x12: 00000000000d1b19
[ 2430.661345] x11: 0004000800000000 x10: 0000000000000001 x9 : ffff8000084f0d14
[ 2430.662025] x8 : ffff0000bf9a6b40 x7 : ffff0000bf9a6b48 x6 : 0000000003470302
[ 2430.662695] x5 : ffff00002e41dcc0 x4 : ffff0000bf9aa3b0 x3 : 0000000003470342
[ 2430.663486] x2 : 0000000000000000 x1 : ffff8000084f0d14 x0 : fffffc0000000000
[ 2430.664217] Call trace:
[ 2430.664528]  kfree+0x78/0x348
[ 2430.664855]  jffs2_free_inode+0x24/0x48
[ 2430.665233]  i_callback+0x24/0x50
[ 2430.665528]  rcu_do_batch+0x1ac/0x448
[ 2430.665892]  rcu_core+0x28c/0x3c8
[ 2430.666151]  rcu_core_si+0x18/0x28
[ 2430.666473]  __do_softirq+0x138/0x3cc
[ 2430.666781]  irq_exit+0xf0/0x110
[ 2430.667065]  handle_domain_irq+0x6c/0x98
[ 2430.667447]  gic_handle_irq+0xac/0xe8
[ 2430.667739]  call_on_irq_stack+0x28/0x54

The parameter passed to kfree was 5a5a5a5a, which corresponds to the target field of the jffs2_inode_info structure. It was found that all variables in the jffs2_inode_info structure were 5a5a5a5a, except for the first member sem. It is suspected that these variables are not initialized because they were set to 5a5a5a5a during memory testing, which is meant to detect uninitialized memory. The sem variable is initialized in the function jffs2_i_init_once, while the other members are initialized in the function jffs2_init_inode_info. The function jffs2_init_inode_info is called after iget_locked, but inside iget_locked the destroy_inode process can be triggered, which releases the inode; consequently, the target member of the inode is freed before it has been initialized. In concurrent high-pressure scenarios, iget_locked may enter the destroy_inode branch as described in the code. Since the destroy_inode functionality of jffs2 only releases the target, the fix is to set target to NULL in jffs2_i_init_once.

AI-Powered Analysis

AI analysis last updated: 06/29/2025, 05:25:47 UTC

Technical Analysis

CVE-2024-42115 is a vulnerability identified in the Linux kernel's JFFS2 (Journalling Flash File System version 2) implementation, specifically within the jffs2_free_inode function. The issue arises from a potential illegal address access caused by the use of uninitialized memory during inode freeing. During stress testing, kernel panic logs revealed a kernel paging request fault at an invalid virtual address, indicating a memory access violation. The root cause lies in the jffs2_inode_info structure, where every member except the semaphore (sem) is left uninitialized and retains a memory test pattern (0x5a5a5a5a), which is indicative of uninitialized memory. The initialization functions jffs2_i_init_once and jffs2_init_inode_info are responsible for setting these members, but because of concurrency and the behaviour of the iget_locked function, the destroy_inode path can be triggered prematurely, releasing the inode while the target member is still uninitialized. As a result, kfree is called with an invalid pointer, causing a kernel crash (Oops). The vulnerability is an uninitialized-pointer bug (kfree is handed a poisoned, never-initialized pointer rather than a valid allocation or NULL) that can lead to denial of service (system crash) under high concurrency or stress conditions. The fix explicitly sets the target pointer to NULL in jffs2_i_init_once, so that a premature jffs2_free_inode frees nothing. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
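The description and the analysis above both turn on ordering: the slab constructor (jffs2_i_init_once) runs once per object, jffs2_init_inode_info runs only after iget_locked returns, and destroy_inode can run in between. The following user-space model is an added illustration, not the kernel's code: it poisons a freshly allocated object with 0x5a (as the kernel's memory-debugging tests did), runs either the original or the fixed constructor, then runs the early-free path. The struct, function and pattern names are hypothetical stand-ins for the kernel's; the real kfree(NULL) is a no-op, which is why the fix is sufficient.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define SLAB_POISON 0x5a  /* hypothetical stand-in for the 5a5a5a5a test pattern */

/* Reduced model of struct jffs2_inode_info: only the fields that matter here. */
struct inode_info_model {
    int sem_initialised;    /* stands in for the mutex set up in jffs2_i_init_once */
    unsigned char *target;  /* symlink target, released by jffs2_free_inode */
};

/* Original constructor: only the semaphore is set up; target keeps the poison. */
static void init_once_original(struct inode_info_model *f) {
    f->sem_initialised = 1;
}

/* Fixed constructor: target is NULL, so an early free of it is harmless. */
static void init_once_fixed(struct inode_info_model *f) {
    f->sem_initialised = 1;
    f->target = NULL;
}

/* Slab-cache model: poison the object, then run the one-time constructor. */
static struct inode_info_model *alloc_inode_model(void (*init_once)(struct inode_info_model *)) {
    struct inode_info_model *f = malloc(sizeof *f);
    memset(f, SLAB_POISON, sizeof *f);  /* mimics uninitialised-memory poisoning */
    init_once(f);
    return f;
}

/* True if the pointer still holds the poison pattern in every byte. */
static bool is_poisoned_pointer(const void *p) {
    uintptr_t pattern = 0;
    for (size_t i = 0; i < sizeof(uintptr_t); i++)
        pattern = (pattern << 8) | SLAB_POISON;
    return (uintptr_t)p == pattern;
}

/* Model of jffs2_free_inode reached from the destroy_inode branch of iget_locked,
 * i.e. before jffs2_init_inode_info has run. Returns 1 if it would free garbage. */
static int free_inode_before_init(struct inode_info_model *f) {
    int bad = is_poisoned_pointer(f->target);
    if (!bad) free(f->target);  /* free(NULL) is a no-op, like kfree(NULL) */
    free(f);
    return bad;
}

/* Run the whole sequence with the original or the fixed constructor. */
int simulate_early_free(bool fixed) {
    struct inode_info_model *f = alloc_inode_model(fixed ? init_once_fixed : init_once_original);
    return free_inode_before_init(f);
}
```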

Potential Impact

For European organizations, the primary impact of CVE-2024-42115 is the potential for denial of service (DoS) on systems running vulnerable Linux kernel versions with JFFS2 enabled. This is particularly relevant for embedded devices, IoT systems, and specialized industrial equipment that rely on JFFS2 for flash storage management. A kernel crash can lead to system instability, unexpected reboots, and potential data loss or corruption. While this vulnerability does not directly enable privilege escalation or remote code execution, the resulting DoS could disrupt critical services, especially in sectors like manufacturing, telecommunications, and critical infrastructure where embedded Linux devices are prevalent. Additionally, recovery from such crashes may require manual intervention, increasing operational costs and downtime. Since the vulnerability is triggered under high concurrency and stress, environments with heavy I/O operations on JFFS2 file systems are at higher risk. The lack of known exploits reduces immediate threat but does not eliminate the risk, especially if attackers develop targeted exploits in the future.

Mitigation Recommendations

European organizations should take the following specific mitigation steps:

1) Identify and inventory all devices and systems running Linux kernels with JFFS2 enabled, focusing on embedded and IoT devices.
2) Apply the latest Linux kernel patches that address CVE-2024-42115 as soon as they become available, ensuring the jffs2_i_init_once function sets the target pointer to NULL to prevent invalid memory frees.
3) For devices where kernel updates are not immediately feasible, implement operational controls to limit high-concurrency stress on JFFS2 file systems, such as throttling I/O operations or load balancing.
4) Monitor kernel logs for Oops or paging faults related to jffs2_free_inode to detect potential exploitation or triggering of this vulnerability.
5) Engage with device vendors and embedded system manufacturers to obtain firmware updates incorporating the fix.
6) Incorporate this vulnerability into incident response and patch management workflows to ensure timely remediation.
7) Consider isolating critical embedded devices from untrusted networks to reduce the attack surface.

These measures go beyond generic advice by focusing on embedded and specialized Linux environments where JFFS2 is used, emphasizing proactive detection and vendor coordination.


Technical Details

Data Version
5.1
Assigner Short Name
Linux
Date Reserved
2024-07-29T15:50:41.178Z
Cisa Enriched
true
Cvss Version
null
State
PUBLISHED

Threat ID: 682d9827c4522896dcbe1acf

Added to database: 5/21/2025, 9:08:55 AM

Last enriched: 6/29/2025, 5:25:47 AM

Last updated: 7/31/2025, 3:18:25 AM

