CVE-2024-45003: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: vfs: Don't evict inode under the inode lru traversing context The inode reclaiming process(See function prune_icache_sb) collects all reclaimable inodes and mark them with I_FREEING flag at first, at that time, other processes will be stuck if they try getting these inodes (See function find_inode_fast), then the reclaiming process destroy the inodes by function dispose_list(). Some filesystems(eg. ext4 with ea_inode feature, ubifs with xattr) may do inode lookup in the inode evicting callback function, if the inode lookup is operated under the inode lru traversing context, deadlock problems may happen. Case 1: In function ext4_evict_inode(), the ea inode lookup could happen if ea_inode feature is enabled, the lookup process will be stuck under the evicting context like this: 1. File A has inode i_reg and an ea inode i_ea 2. getfattr(A, xattr_buf) // i_ea is added into lru // lru->i_ea 3. Then, following three processes running like this: PA PB echo 2 > /proc/sys/vm/drop_caches shrink_slab prune_dcache_sb // i_reg is added into lru, lru->i_ea->i_reg prune_icache_sb list_lru_walk_one inode_lru_isolate i_ea->i_state |= I_FREEING // set inode state inode_lru_isolate __iget(i_reg) spin_unlock(&i_reg->i_lock) spin_unlock(lru_lock) rm file A i_reg->nlink = 0 iput(i_reg) // i_reg->nlink is 0, do evict ext4_evict_inode ext4_xattr_delete_inode ext4_xattr_inode_dec_ref_all ext4_xattr_inode_iget ext4_iget(i_ea->i_ino) iget_locked find_inode_fast __wait_on_freeing_inode(i_ea) ----→ AA deadlock dispose_list // cannot be executed by prune_icache_sb wake_up_bit(&i_ea->i_state) Case 2: In deleted inode writing function ubifs_jnl_write_inode(), file deleting process holds BASEHD's wbuf->io_mutex while getting the xattr inode, which could race with inode reclaiming process(The reclaiming process could try locking BASEHD's wbuf->io_mutex in inode evicting function), then an ABBA deadlock problem would happen as following: 1. File A has inode ia and a xattr(with inode ixa), regular file B has inode ib and a xattr. 2. getfattr(A, xattr_buf) // ixa is added into lru // lru->ixa 3. Then, following three processes running like this: PA PB PC echo 2 > /proc/sys/vm/drop_caches shrink_slab prune_dcache_sb // ib and ia are added into lru, lru->ixa->ib->ia prune_icache_sb list_lru_walk_one inode_lru_isolate ixa->i_state |= I_FREEING // set inode state inode_lru_isolate __iget(ib) spin_unlock(&ib->i_lock) spin_unlock(lru_lock) rm file B ib->nlink = 0 rm file A iput(ia) ubifs_evict_inode(ia) ubifs_jnl_delete_inode(ia) ubifs_jnl_write_inode(ia) make_reservation(BASEHD) // Lock wbuf->io_mutex ubifs_iget(ixa->i_ino) iget_locked find_inode_fast __wait_on_freeing_inode(ixa) | iput(ib) // ib->nlink is 0, do evict | ubifs_evict_inode | ubifs_jnl_delete_inode(ib) ↓ ubifs_jnl_write_inode ABBA deadlock ←-----make_reservation(BASEHD) dispose_list // cannot be executed by prune_icache_sb wake_up_bit(&ixa->i_state) Fix the possible deadlock by using new inode state flag I_LRU_ISOLATING to pin the inode in memory while inode_lru_isolate( ---truncated---
AI Analysis
Technical Summary
CVE-2024-45003 is a vulnerability in the Linux kernel related to inode eviction and reclaiming processes that can lead to deadlocks during inode management. The Linux kernel uses an inode reclaiming process to free up memory by collecting reclaimable inodes and marking them with the I_FREEING flag. During this process, other processes attempting to access these inodes become blocked. The vulnerability arises when certain filesystems, such as ext4 with the ea_inode feature or ubifs with extended attributes (xattr), perform inode lookups during the inode eviction callback while the inode LRU (Least Recently Used) list is being traversed. This can cause deadlocks because the reclaiming process holds locks while trying to evict inodes, and the inode lookup attempts to acquire locks on inodes that are already marked as freeing, causing processes to wait indefinitely. Two main deadlock scenarios are described: 1. Ext4 Filesystem Deadlock: When the ext4_evict_inode() function is called, it may trigger an extended attribute inode lookup (ea_inode) that attempts to access an inode already marked for eviction. This leads to a deadlock where the reclaiming process cannot complete because it waits on the inode state to change, but the inode lookup is blocked waiting for the reclaiming process to finish. 2. UBIFS Filesystem Deadlock: In the ubifs_jnl_write_inode() function, a race condition occurs involving the BASEHD's write buffer mutex (wbuf->io_mutex). The file deleting process holds this mutex while trying to get the xattr inode, which races with the inode reclaiming process that also tries to lock the same mutex during inode eviction. This results in an ABBA deadlock pattern where two processes wait on each other’s locks, halting progress. The fix introduces a new inode state flag, I_LRU_ISOLATING, which pins the inode in memory during the isolation phase to prevent these deadlocks by ensuring that inode lookups do not block reclaiming operations. This change improves the concurrency and stability of inode eviction and reclaiming in affected filesystems. This vulnerability affects Linux kernel versions identified by the commit hash e50e5129f384ae282adebfb561189cdb19b81cee and related versions prior to the patch. No known exploits are currently reported in the wild.
Potential Impact
For European organizations, this vulnerability can lead to system hangs or deadlocks on Linux servers and devices using affected filesystems (ext4 with ea_inode feature, ubifs with xattr). These deadlocks can cause denial of service (DoS) conditions by blocking critical filesystem operations, potentially impacting availability of services relying on Linux infrastructure. Given Linux's widespread use in enterprise servers, cloud environments, embedded devices, and IoT systems across Europe, the impact could be significant in environments with heavy filesystem activity or where extended attributes are used extensively. The deadlock could disrupt operations in data centers, web hosting, telecommunications infrastructure, and industrial control systems. Systems performing frequent file attribute operations or cache management (e.g., via drop_caches) are particularly at risk. While this vulnerability does not directly expose confidentiality or integrity risks, the resulting DoS could indirectly affect business continuity and operational resilience. Organizations relying on Linux-based storage solutions or embedded Linux devices should be aware of potential service interruptions until patched.
Mitigation Recommendations
1. Apply Kernel Updates: The primary mitigation is to update Linux kernels to versions that include the patch introducing the I_LRU_ISOLATING flag. Organizations should monitor distributions for security advisories and apply vendor-provided kernel updates promptly. 2. Filesystem Configuration Review: Evaluate the use of extended attributes (xattr) and the ea_inode feature on ext4 filesystems. Where feasible, disable or limit these features if not required, reducing exposure. 3. Controlled Cache Management: Avoid aggressive or frequent use of cache dropping commands (e.g., echo 2 > /proc/sys/vm/drop_caches) in production environments, as these can trigger inode reclaiming and increase deadlock risk. 4. Monitoring and Alerting: Implement monitoring for kernel hangs, inode reclaiming stalls, or filesystem deadlocks. Tools that detect kernel lockups or high inode reclaim activity can provide early warning. 5. Testing Before Deployment: Test kernel updates and filesystem configurations in staging environments to ensure stability and compatibility, especially for systems using ubifs or ext4 with extended attributes. 6. Incident Response Preparedness: Prepare for potential DoS scenarios by having recovery procedures, including safe reboot strategies and filesystem checks, to minimize downtime if deadlocks occur.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
CVE-2024-45003: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: vfs: Don't evict inode under the inode lru traversing context The inode reclaiming process(See function prune_icache_sb) collects all reclaimable inodes and mark them with I_FREEING flag at first, at that time, other processes will be stuck if they try getting these inodes (See function find_inode_fast), then the reclaiming process destroy the inodes by function dispose_list(). Some filesystems(eg. ext4 with ea_inode feature, ubifs with xattr) may do inode lookup in the inode evicting callback function, if the inode lookup is operated under the inode lru traversing context, deadlock problems may happen. Case 1: In function ext4_evict_inode(), the ea inode lookup could happen if ea_inode feature is enabled, the lookup process will be stuck under the evicting context like this: 1. File A has inode i_reg and an ea inode i_ea 2. getfattr(A, xattr_buf) // i_ea is added into lru // lru->i_ea 3. Then, following three processes running like this: PA PB echo 2 > /proc/sys/vm/drop_caches shrink_slab prune_dcache_sb // i_reg is added into lru, lru->i_ea->i_reg prune_icache_sb list_lru_walk_one inode_lru_isolate i_ea->i_state |= I_FREEING // set inode state inode_lru_isolate __iget(i_reg) spin_unlock(&i_reg->i_lock) spin_unlock(lru_lock) rm file A i_reg->nlink = 0 iput(i_reg) // i_reg->nlink is 0, do evict ext4_evict_inode ext4_xattr_delete_inode ext4_xattr_inode_dec_ref_all ext4_xattr_inode_iget ext4_iget(i_ea->i_ino) iget_locked find_inode_fast __wait_on_freeing_inode(i_ea) ----→ AA deadlock dispose_list // cannot be executed by prune_icache_sb wake_up_bit(&i_ea->i_state) Case 2: In deleted inode writing function ubifs_jnl_write_inode(), file deleting process holds BASEHD's wbuf->io_mutex while getting the xattr inode, which could race with inode reclaiming process(The reclaiming process could try locking BASEHD's wbuf->io_mutex in inode evicting function), then an ABBA deadlock problem would happen as following: 1. File A has inode ia and a xattr(with inode ixa), regular file B has inode ib and a xattr. 2. getfattr(A, xattr_buf) // ixa is added into lru // lru->ixa 3. Then, following three processes running like this: PA PB PC echo 2 > /proc/sys/vm/drop_caches shrink_slab prune_dcache_sb // ib and ia are added into lru, lru->ixa->ib->ia prune_icache_sb list_lru_walk_one inode_lru_isolate ixa->i_state |= I_FREEING // set inode state inode_lru_isolate __iget(ib) spin_unlock(&ib->i_lock) spin_unlock(lru_lock) rm file B ib->nlink = 0 rm file A iput(ia) ubifs_evict_inode(ia) ubifs_jnl_delete_inode(ia) ubifs_jnl_write_inode(ia) make_reservation(BASEHD) // Lock wbuf->io_mutex ubifs_iget(ixa->i_ino) iget_locked find_inode_fast __wait_on_freeing_inode(ixa) | iput(ib) // ib->nlink is 0, do evict | ubifs_evict_inode | ubifs_jnl_delete_inode(ib) ↓ ubifs_jnl_write_inode ABBA deadlock ←-----make_reservation(BASEHD) dispose_list // cannot be executed by prune_icache_sb wake_up_bit(&ixa->i_state) Fix the possible deadlock by using new inode state flag I_LRU_ISOLATING to pin the inode in memory while inode_lru_isolate( ---truncated---
AI-Powered Analysis
Technical Analysis
CVE-2024-45003 is a vulnerability in the Linux kernel related to inode eviction and reclaiming processes that can lead to deadlocks during inode management. The Linux kernel uses an inode reclaiming process to free up memory by collecting reclaimable inodes and marking them with the I_FREEING flag. During this process, other processes attempting to access these inodes become blocked. The vulnerability arises when certain filesystems, such as ext4 with the ea_inode feature or ubifs with extended attributes (xattr), perform inode lookups during the inode eviction callback while the inode LRU (Least Recently Used) list is being traversed. This can cause deadlocks because the reclaiming process holds locks while trying to evict inodes, and the inode lookup attempts to acquire locks on inodes that are already marked as freeing, causing processes to wait indefinitely. Two main deadlock scenarios are described: 1. Ext4 Filesystem Deadlock: When the ext4_evict_inode() function is called, it may trigger an extended attribute inode lookup (ea_inode) that attempts to access an inode already marked for eviction. This leads to a deadlock where the reclaiming process cannot complete because it waits on the inode state to change, but the inode lookup is blocked waiting for the reclaiming process to finish. 2. UBIFS Filesystem Deadlock: In the ubifs_jnl_write_inode() function, a race condition occurs involving the BASEHD's write buffer mutex (wbuf->io_mutex). The file deleting process holds this mutex while trying to get the xattr inode, which races with the inode reclaiming process that also tries to lock the same mutex during inode eviction. This results in an ABBA deadlock pattern where two processes wait on each other’s locks, halting progress. The fix introduces a new inode state flag, I_LRU_ISOLATING, which pins the inode in memory during the isolation phase to prevent these deadlocks by ensuring that inode lookups do not block reclaiming operations. This change improves the concurrency and stability of inode eviction and reclaiming in affected filesystems. This vulnerability affects Linux kernel versions identified by the commit hash e50e5129f384ae282adebfb561189cdb19b81cee and related versions prior to the patch. No known exploits are currently reported in the wild.
Potential Impact
For European organizations, this vulnerability can lead to system hangs or deadlocks on Linux servers and devices using affected filesystems (ext4 with ea_inode feature, ubifs with xattr). These deadlocks can cause denial of service (DoS) conditions by blocking critical filesystem operations, potentially impacting availability of services relying on Linux infrastructure. Given Linux's widespread use in enterprise servers, cloud environments, embedded devices, and IoT systems across Europe, the impact could be significant in environments with heavy filesystem activity or where extended attributes are used extensively. The deadlock could disrupt operations in data centers, web hosting, telecommunications infrastructure, and industrial control systems. Systems performing frequent file attribute operations or cache management (e.g., via drop_caches) are particularly at risk. While this vulnerability does not directly expose confidentiality or integrity risks, the resulting DoS could indirectly affect business continuity and operational resilience. Organizations relying on Linux-based storage solutions or embedded Linux devices should be aware of potential service interruptions until patched.
Mitigation Recommendations
1. Apply Kernel Updates: The primary mitigation is to update Linux kernels to versions that include the patch introducing the I_LRU_ISOLATING flag. Organizations should monitor distributions for security advisories and apply vendor-provided kernel updates promptly. 2. Filesystem Configuration Review: Evaluate the use of extended attributes (xattr) and the ea_inode feature on ext4 filesystems. Where feasible, disable or limit these features if not required, reducing exposure. 3. Controlled Cache Management: Avoid aggressive or frequent use of cache dropping commands (e.g., echo 2 > /proc/sys/vm/drop_caches) in production environments, as these can trigger inode reclaiming and increase deadlock risk. 4. Monitoring and Alerting: Implement monitoring for kernel hangs, inode reclaiming stalls, or filesystem deadlocks. Tools that detect kernel lockups or high inode reclaim activity can provide early warning. 5. Testing Before Deployment: Test kernel updates and filesystem configurations in staging environments to ensure stability and compatibility, especially for systems using ubifs or ext4 with extended attributes. 6. Incident Response Preparedness: Prepare for potential DoS scenarios by having recovery procedures, including safe reboot strategies and filesystem checks, to minimize downtime if deadlocks occur.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-08-21T05:34:56.678Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9826c4522896dcbe0e6b
Added to database: 5/21/2025, 9:08:54 AM
Last enriched: 6/28/2025, 11:40:44 PM
Last updated: 8/18/2025, 11:22:56 PM
Views: 19
Related Threats
CVE-2025-9193: Open Redirect in TOTVS Portal Meu RH
MediumCVE-2025-9176: OS Command Injection in neurobin shc
MediumCVE-2025-9175: Stack-based Buffer Overflow in neurobin shc
MediumCVE-2025-9174: OS Command Injection in neurobin shc
MediumCVE-2025-9171: Cross Site Scripting in SolidInvoice
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.