CVE-2024-42299 is a vulnerability identified in the Linux kernel's NTFS3 filesystem driver, which handles the NTFS file system used primarily by Windows systems. The issue arises when an NTFS filesystem is mounted on a Linux system that has a different PAGE_SIZE configuration than the system where the filesystem was originally mounted or created. In the kernel code, the log structure maintains a page_size parameter along with associated page_mask and page_bits values. When the PAGE_SIZE changes during the log replay operation (log_replay()), the log->page_size is updated accordingly; however, the related fields log->page_mask and log->page_bits are not updated to reflect this change. This inconsistency leads to a calculation error in the read_log_page() function, where the expression "u32 bytes = log->page_size - page_off" can result in a negative value due to the mismatch. Since the variable is unsigned, this causes an integer underflow, which in turn triggers a kernel panic, effectively crashing the system. This vulnerability is a denial-of-service (DoS) condition caused by improper handling of filesystem metadata during NTFS log replay when PAGE_SIZE differs between systems. The vulnerability does not require user interaction or authentication to trigger, but it requires mounting an NTFS filesystem under specific conditions. There are no known exploits in the wild at the time of publication, and no CVSS score has been assigned yet. The issue has been resolved in recent Linux kernel updates by ensuring that log->page_mask and log->page_bits are updated consistently when log->page_size changes.

For European organizations, this vulnerability poses a risk primarily to systems running Linux kernels with the vulnerable NTFS3 driver, especially in environments where NTFS filesystems are shared or moved between machines with differing PAGE_SIZE configurations. This scenario is plausible in heterogeneous IT environments, such as enterprises using mixed hardware architectures (e.g., x86_64 and ARM) or virtualized/cloud environments where PAGE_SIZE may differ. The impact is a denial-of-service condition caused by kernel panic, which can lead to system crashes, service interruptions, and potential data availability issues. Critical infrastructure, data centers, and cloud service providers in Europe that rely on Linux systems with NTFS mounts for interoperability with Windows systems could experience operational disruptions. While this vulnerability does not directly lead to privilege escalation or data corruption, the forced system crashes could be leveraged by attackers to disrupt services or cause downtime, impacting business continuity. Organizations with automated or remote mounting of NTFS volumes are at higher risk. The lack of known exploits reduces immediate threat but does not eliminate the risk of future exploitation once the vulnerability becomes widely known.

European organizations should take the following specific mitigation steps: 1) Identify Linux systems that mount NTFS filesystems using the NTFS3 driver, particularly those that might mount volumes created or used on systems with different PAGE_SIZE configurations. 2) Apply the latest Linux kernel patches or updates that address CVE-2024-42299 as soon as they become available from trusted Linux distributions or kernel maintainers. 3) In environments where immediate patching is not feasible, avoid mounting NTFS filesystems across systems with differing PAGE_SIZE values, or restrict NTFS mounts to trusted systems with consistent architecture and kernel configurations. 4) Implement monitoring to detect kernel panics or unexpected reboots that could indicate exploitation attempts. 5) Review and harden system configurations to limit exposure, such as restricting access to mount commands and ensuring that only authorized personnel can mount external filesystems. 6) For virtualized or containerized environments, ensure consistent PAGE_SIZE settings across hosts and guests to prevent triggering the vulnerability. 7) Maintain backups and disaster recovery plans to minimize impact from potential denial-of-service incidents caused by this vulnerability.