CVE-2024-42256: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix server re-repick on subrequest retry

When a subrequest is marked for needing retry, netfs will call cifs_prepare_write() which will make cifs repick the server for the op before renegotiating credits; it then calls cifs_issue_write() which invokes smb2_async_writev() - which re-repicks the server. If a different server is then selected, this causes the increment of server->in_flight to happen against one record and the decrement to happen against another, leading to misaccounting.

Fix this by just removing the repick code in smb2_async_writev(). As this is only called from netfslib-driven code, cifs_prepare_write() should always have been called first, and so server should never be NULL and the preparatory step is repeated in the event that we do a retry.

The problem manifests as a warning looking something like:

WARNING: CPU: 4 PID: 72896 at fs/smb/client/smb2ops.c:97 smb2_add_credits+0x3f0/0x9e0 [cifs]
...
RIP: 0010:smb2_add_credits+0x3f0/0x9e0 [cifs]
...
smb2_writev_callback+0x334/0x560 [cifs]
cifs_demultiplex_thread+0x77a/0x11b0 [cifs]
kthread+0x187/0x1d0
ret_from_fork+0x34/0x60
ret_from_fork_asm+0x1a/0x30

Which may be triggered by a number of different xfstests running against an Azure server in multichannel mode. generic/249 seems the most repeatable, but generic/215, generic/249 and generic/308 may also show it.
AI Analysis
Technical Summary
CVE-2024-42256 is a vulnerability identified in the Linux kernel's CIFS (Common Internet File System) client implementation, specifically related to the handling of server selection during write operations in multichannel mode. The issue arises when a subrequest is marked for retry, triggering the netfs layer to call cifs_prepare_write(), which repicks the server before renegotiating credits. Subsequently, cifs_issue_write() invokes smb2_async_writev(), which erroneously performs another server repick. If this second repick selects a different server, it causes an inconsistency in the accounting of in-flight requests: the increment of server->in_flight is applied to one server record, while the decrement is applied to another. This misaccounting can lead to warnings and potential instability in the CIFS client subsystem. The vulnerability manifests as kernel warnings related to smb2_add_credits and smb2_writev_callback functions, often triggered by specific xfstests (generic/215, generic/249, generic/308) against Azure servers operating in multichannel mode. The root cause is the redundant server repick in smb2_async_writev(), which the patch fixes by removing this repick, relying instead on the preparatory step in cifs_prepare_write() to ensure the correct server context. While no direct exploit in the wild is currently known, the flaw could cause resource mismanagement and potential denial of service conditions due to improper tracking of in-flight operations. This is particularly relevant for environments using SMB multichannel features, such as cloud or enterprise storage solutions relying on CIFS/SMB protocols on Linux clients.
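The accounting mismatch described above, as an added example that is not part of this advisory or of the kernel's own code: a small C model in which a prepare step picks and records a server, the unfixed issue path re-repicks and charges in_flight to the second choice, and the completion callback decrements the recorded server. It assumes a hypothetical round-robin pick_server() (the kernel's picker is load-based, but any change of choice between the two picks has the same effect) and hypothetical names server, subreq, run_cycle and in_flight_of.

```c
/* Constructed model: one record per multichannel channel, each with its own
 * in_flight counter (the real client keeps one such record per channel). */
struct server { int in_flight; };
static struct server chans[2];
static int next_pick;

/* Hypothetical subrequest: remembers the server chosen at prepare time,
 * which is the record the completion callback decrements. */
struct subreq { struct server *server; };

/* Hypothetical round-robin picker (assumption: the kernel's picker is
 * load-based, but any change of choice between the two picks has the
 * same effect; round-robin just makes the divergence deterministic). */
static struct server *pick_server(void) {
    struct server *s = &chans[next_pick];
    next_pick ^= 1;
    return s;
}

/* Models cifs_prepare_write(): pick once and record it on the subrequest. */
static void prepare_write(struct subreq *sub) { sub->server = pick_server(); }

/* Models the unfixed smb2_async_writev(): re-repicks and charges in_flight
 * to whatever the second pick returned, not to the recorded server. */
static void issue_write_unfixed(void) { pick_server()->in_flight++; }

/* Models the fixed smb2_async_writev(): uses the server from prepare. */
static void issue_write_fixed(struct subreq *sub) { sub->server->in_flight++; }

/* Models smb2_writev_callback(): the decrement uses the recorded server. */
static void write_callback(struct subreq *sub) { sub->server->in_flight--; }

/* Runs one prepare/issue/complete cycle and returns how many server
 * records are left with a nonzero in_flight count (0 means balanced). */
static int run_cycle(int fixed) {
    struct subreq sub;
    chans[0].in_flight = chans[1].in_flight = 0;
    next_pick = 0;
    prepare_write(&sub);
    if (fixed) issue_write_fixed(&sub); else issue_write_unfixed();
    write_callback(&sub);
    return (chans[0].in_flight != 0) + (chans[1].in_flight != 0);
}

/* in_flight count of channel i after the most recent run_cycle(). */
static int in_flight_of(int i) { return chans[i].in_flight; }
```

With the unfixed path one channel ends at +1 and the other at -1, the kind of imbalance the credit accounting warns about; with the fixed path both return to zero.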
Potential Impact
For European organizations, especially those utilizing Linux-based systems in cloud or hybrid environments with SMB multichannel enabled, this vulnerability could lead to instability or degraded performance in file sharing services. Misaccounting of in-flight requests may cause kernel warnings and potentially resource leaks or deadlocks, impacting availability of critical file storage and collaboration services. Organizations relying on Azure or similar cloud infrastructures with Linux clients mounting SMB shares are particularly at risk. While confidentiality and integrity impacts are minimal as this is a resource management flaw, availability disruptions could affect business continuity, especially in sectors like finance, manufacturing, and public services where file sharing is integral. Additionally, troubleshooting and operational overhead may increase due to kernel warnings and potential system instability.
Mitigation Recommendations
European organizations should prioritize applying the Linux kernel patch that removes the redundant server repick in smb2_async_writev(), ensuring that cifs_prepare_write() is the sole mechanism for server selection during retries. System administrators should audit their Linux kernel versions and update to the fixed versions as soon as they become available. For environments using SMB multichannel, thorough testing should be conducted post-patch to confirm stability. Additionally, monitoring kernel logs for the specific warnings related to smb2_add_credits and smb2_writev_callback can help detect if unpatched systems are experiencing this issue. Organizations should also consider limiting or carefully managing SMB multichannel usage until patches are deployed. Engaging with cloud providers like Azure to confirm their mitigations or recommended client versions can further reduce risk. Finally, maintaining robust backup and recovery procedures will mitigate potential availability impacts.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Ireland, Finland, Denmark
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-07-30T07:40:12.257Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9828c4522896dcbe1d28
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 6/29/2025, 6:25:43 AM
Last updated: 8/14/2025, 12:36:12 AM
Views: 17