CVE-2024-42315: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on __exfat_get_dentry_set When accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array is allocated in __exfat_get_entry_set. The problem is that the bh-array is allocated with GFP_KERNEL. It does not make sense. In the following cases, a deadlock for sbi->s_lock between the two processes may occur. CPU0 CPU1 ---- ---- kswapd balance_pgdat lock(fs_reclaim) exfat_iterate lock(&sbi->s_lock) exfat_readdir exfat_get_uniname_from_ext_entry exfat_get_dentry_set __exfat_get_dentry_set kmalloc_array ... lock(fs_reclaim) ... evict exfat_evict_inode lock(&sbi->s_lock) To fix this, let's allocate bh-array with GFP_NOFS.
AI Analysis
Technical Summary
CVE-2024-42315 is a vulnerability identified in the Linux kernel's exFAT filesystem driver, specifically related to the function __exfat_get_dentry_set. The issue arises when accessing files that contain more entries than the defined ES_MAX_ENTRY_NUM. In this scenario, the buffer head array (bh-array) is allocated using GFP_KERNEL memory allocation flags. This allocation strategy is problematic because it can lead to a deadlock involving the sbi->s_lock mutex. The deadlock occurs due to a lock order inversion between two processes running on different CPUs: one process (kswapd) holding the fs_reclaim lock and waiting for sbi->s_lock, and another process iterating over exFAT directory entries holding sbi->s_lock and attempting to allocate memory with GFP_KERNEL, which tries to acquire fs_reclaim again. This circular dependency causes the system to deadlock. The fix implemented changes the memory allocation flag from GFP_KERNEL to GFP_NOFS for the bh-array, which prevents the allocation from triggering filesystem reclaim operations and thus avoids the deadlock condition. This vulnerability affects multiple Linux kernel versions identified by specific commit hashes and is relevant to systems using the exFAT filesystem, commonly used for removable storage devices. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability can lead to system hangs or deadlocks on Linux systems that mount and access exFAT filesystems, which are widely used in removable media such as USB drives and SD cards. The deadlock can cause denial of service (DoS) conditions, impacting availability of affected systems. This is particularly critical for environments relying on Linux servers or embedded devices that interact with exFAT-formatted storage, such as media servers, industrial control systems, or endpoint devices. While the vulnerability does not directly lead to data corruption or unauthorized access, the resulting system unresponsiveness can disrupt business operations, cause downtime, and increase operational costs. Given the prevalence of Linux in enterprise and governmental infrastructures across Europe, especially in sectors like telecommunications, finance, and public administration, the impact can be significant if unpatched systems are exposed to crafted exFAT files triggering this deadlock.
Mitigation Recommendations
Organizations should prioritize updating their Linux kernel to the latest patched versions that include the fix for CVE-2024-42315. Specifically, ensure that kernel versions incorporate the change from GFP_KERNEL to GFP_NOFS in the __exfat_get_dentry_set function. For environments where immediate patching is not feasible, consider restricting or monitoring the use of exFAT filesystems, especially from untrusted removable media. Implement strict device control policies to limit the introduction of potentially malicious or malformed exFAT files. Additionally, system administrators should monitor system logs for signs of deadlock or unresponsiveness related to exFAT filesystem operations and prepare incident response plans to quickly recover affected systems. Testing patches in staging environments before deployment is recommended to avoid regressions. Finally, maintain up-to-date backups of critical data to mitigate potential operational disruptions caused by this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
CVE-2024-42315: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on __exfat_get_dentry_set When accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array is allocated in __exfat_get_entry_set. The problem is that the bh-array is allocated with GFP_KERNEL. It does not make sense. In the following cases, a deadlock for sbi->s_lock between the two processes may occur. CPU0 CPU1 ---- ---- kswapd balance_pgdat lock(fs_reclaim) exfat_iterate lock(&sbi->s_lock) exfat_readdir exfat_get_uniname_from_ext_entry exfat_get_dentry_set __exfat_get_dentry_set kmalloc_array ... lock(fs_reclaim) ... evict exfat_evict_inode lock(&sbi->s_lock) To fix this, let's allocate bh-array with GFP_NOFS.
AI-Powered Analysis
Technical Analysis
CVE-2024-42315 is a vulnerability identified in the Linux kernel's exFAT filesystem driver, specifically related to the function __exfat_get_dentry_set. The issue arises when accessing files that contain more entries than the defined ES_MAX_ENTRY_NUM. In this scenario, the buffer head array (bh-array) is allocated using GFP_KERNEL memory allocation flags. This allocation strategy is problematic because it can lead to a deadlock involving the sbi->s_lock mutex. The deadlock occurs due to a lock order inversion between two processes running on different CPUs: one process (kswapd) holding the fs_reclaim lock and waiting for sbi->s_lock, and another process iterating over exFAT directory entries holding sbi->s_lock and attempting to allocate memory with GFP_KERNEL, which tries to acquire fs_reclaim again. This circular dependency causes the system to deadlock. The fix implemented changes the memory allocation flag from GFP_KERNEL to GFP_NOFS for the bh-array, which prevents the allocation from triggering filesystem reclaim operations and thus avoids the deadlock condition. This vulnerability affects multiple Linux kernel versions identified by specific commit hashes and is relevant to systems using the exFAT filesystem, commonly used for removable storage devices. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability can lead to system hangs or deadlocks on Linux systems that mount and access exFAT filesystems, which are widely used in removable media such as USB drives and SD cards. The deadlock can cause denial of service (DoS) conditions, impacting availability of affected systems. This is particularly critical for environments relying on Linux servers or embedded devices that interact with exFAT-formatted storage, such as media servers, industrial control systems, or endpoint devices. While the vulnerability does not directly lead to data corruption or unauthorized access, the resulting system unresponsiveness can disrupt business operations, cause downtime, and increase operational costs. Given the prevalence of Linux in enterprise and governmental infrastructures across Europe, especially in sectors like telecommunications, finance, and public administration, the impact can be significant if unpatched systems are exposed to crafted exFAT files triggering this deadlock.
Mitigation Recommendations
Organizations should prioritize updating their Linux kernel to the latest patched versions that include the fix for CVE-2024-42315. Specifically, ensure that kernel versions incorporate the change from GFP_KERNEL to GFP_NOFS in the __exfat_get_dentry_set function. For environments where immediate patching is not feasible, consider restricting or monitoring the use of exFAT filesystems, especially from untrusted removable media. Implement strict device control policies to limit the introduction of potentially malicious or malformed exFAT files. Additionally, system administrators should monitor system logs for signs of deadlock or unresponsiveness related to exFAT filesystem operations and prepare incident response plans to quickly recover affected systems. Testing patches in staging environments before deployment is recommended to avoid regressions. Finally, maintain up-to-date backups of critical data to mitigate potential operational disruptions caused by this vulnerability.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-07-30T07:40:12.278Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9828c4522896dcbe1ee2
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 6/29/2025, 7:10:29 AM
Last updated: 8/8/2025, 2:32:14 PM
Views: 13
Related Threats
CVE-2025-55161: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF
HighCVE-2025-25235: CWE-918 Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway
HighCVE-2025-55151: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF
HighCVE-2025-55150: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF
HighCVE-2025-54992: CWE-611: Improper Restriction of XML External Entity Reference in telstra open-kilda
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.