CVE-2024-47690: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:
f2fs: get rid of online repaire on corrupted directory
syzbot reports a f2fs bug as below:
  kernel BUG at fs/f2fs/inode.c:896!
  RIP: 0010:f2fs_evict_inode+0x1598/0x15c0 fs/f2fs/inode.c:896
  Call Trace:
   evict+0x532/0x950 fs/inode.c:704
   dispose_list fs/inode.c:747 [inline]
   evict_inodes+0x5f9/0x690 fs/inode.c:797
   generic_shutdown_super+0x9d/0x2d0 fs/super.c:627
   kill_block_super+0x44/0x90 fs/super.c:1696
   kill_f2fs_super+0x344/0x690 fs/f2fs/super.c:4898
   deactivate_locked_super+0xc4/0x130 fs/super.c:473
   cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1373
   task_work_run+0x24f/0x310 kernel/task_work.c:228
   ptrace_notify+0x2d2/0x380 kernel/signal.c:2402
   ptrace_report_syscall include/linux/ptrace.h:415 [inline]
   ptrace_report_syscall_exit include/linux/ptrace.h:477 [inline]
   syscall_exit_work+0xc6/0x190 kernel/entry/common.c:173
   syscall_exit_to_user_mode_prepare kernel/entry/common.c:200 [inline]
   __syscall_exit_to_user_mode_work kernel/entry/common.c:205 [inline]
   syscall_exit_to_user_mode+0x279/0x370 kernel/entry/common.c:218
   do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
   entry_SYSCALL_64_after_hwframe+0x77/0x7f
  RIP: 0010:f2fs_evict_inode+0x1598/0x15c0 fs/f2fs/inode.c:896
Online repair on a corrupted directory in f2fs_lookup() can generate dirty data/meta while racing w/ readonly remount; it may leave a dirty inode after the filesystem becomes readonly. However, checkpoint() will skip flushing the dirty inode in readonly mode, resulting in the above panic.
Let's get rid of online repair in f2fs_lookup(), and leave the work to fsck.f2fs.
AI Analysis
Technical Summary
CVE-2024-47690 is a vulnerability identified in the Linux kernel's implementation of the F2FS (Flash-Friendly File System). The issue arises from the handling of corrupted directories during an online repair process within the f2fs_lookup() function. Specifically, the vulnerability is triggered when the kernel attempts to perform an online repair on a corrupted directory while simultaneously racing with a readonly remount operation. This race condition can cause dirty data or metadata to be generated and leave dirty inodes in the filesystem after it has been remounted as readonly. The checkpoint() function, responsible for flushing dirty inodes, skips this flushing when the filesystem is in readonly mode, leading to a kernel panic as indicated by the kernel BUG at fs/f2fs/inode.c:896. The root cause is the unsafe attempt to repair directories online within f2fs_lookup(), which can corrupt the filesystem state and cause system instability or crashes. The fix involves removing the online repair logic from f2fs_lookup() and delegating repair tasks to the offline fsck.f2fs tool, which is designed to safely handle filesystem inconsistencies. This vulnerability affects Linux kernel versions containing the specified commit (510022a85839a8409d1e6a519bb86ce71a84f30a) and was publicly disclosed on October 21, 2024. There are no known exploits in the wild at this time, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running Linux with the F2FS filesystem, which is commonly used in flash storage devices such as SSDs and embedded systems. The potential impact includes unexpected kernel panics leading to system crashes and downtime, which can disrupt critical services and operations. In environments where high availability is essential, such as financial institutions, healthcare providers, and industrial control systems, such instability could result in significant operational and financial losses. Additionally, repeated crashes may lead to data corruption or loss if the filesystem state is compromised. While this vulnerability does not directly enable privilege escalation or remote code execution, the denial-of-service impact can be severe, especially in production environments relying on Linux-based infrastructure. The lack of requirement for user interaction or authentication means that local processes or automated tasks that trigger filesystem operations on corrupted directories could inadvertently cause system crashes.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should promptly update their Linux kernel to a version that includes the patch removing the online repair logic from f2fs_lookup(). Since the fix delegates repair to the offline fsck.f2fs tool, administrators should also incorporate regular offline filesystem checks into their maintenance routines, especially for systems using F2FS on flash storage. Monitoring system logs for kernel panics related to f2fs and proactively scanning for filesystem corruption can help detect early signs of exploitation. Additionally, organizations should consider isolating critical systems running F2FS to minimize the risk of cascading failures and ensure robust backup and recovery procedures are in place to restore data integrity in case of corruption. For embedded or IoT devices using F2FS, firmware updates incorporating the patched kernel should be prioritized. Finally, avoid performing online repairs on corrupted directories and rely on fsck.f2fs during scheduled maintenance windows to prevent triggering this race condition.
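
A triage helper for the log-monitoring and offline-check recommendations above, added here as an example; it is not part of the original advisory or of any kernel or f2fs-tools code. The function names and the sample mount table and log lines are constructed for illustration, and the crash signature is taken from the trace in the description.

```shell
#!/bin/sh
# Added example (not from the advisory): triage helper for CVE-2024-47690.
# Real use: triage "$(cat /proc/mounts)" "$(dmesg)"

# Print "<device> <mountpoint> <ro|rw>" for each f2fs entry in
# mounts-format text (same columns as /proc/mounts) read from stdin.
f2fs_mounts() {
    awk '$3 == "f2fs" {
        n = split($4, opts, ",")
        mode = "rw"
        for (i = 1; i <= n; i++) if (opts[i] == "ro") mode = "ro"
        print $1, $2, mode
    }'
}

# Count crash reports shaped like the trace in the description: a
# "kernel BUG at fs/f2fs/inode.c:<line>!" followed within 5 lines by an
# RIP inside f2fs_evict_inode. The line number is not pinned to 896
# because it differs between kernel builds.
count_f2fs_evict_bugs() {
    awk '
        /kernel BUG at fs\/f2fs\/inode\.c:[0-9]+!/ { window = 5; next }
        window > 0 {
            if ($0 ~ /RIP: .*f2fs_evict_inode[+]/) { hits++; window = 0 }
            else window--
        }
        END { print hits + 0 }'
}

# Constructed sample inputs, so the script runs offline.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/mmcblk0p2 /data f2fs rw,lazytime 0 0
/dev/mmcblk0p3 /cache f2fs ro,relatime 0 0'
SAMPLE_LOG='[  101.000001] example: unrelated kernel message
[  245.310000] kernel BUG at fs/f2fs/inode.c:896!
[  245.310100] invalid opcode: 0000 [#1] PREEMPT SMP
[  245.310200] RIP: 0010:f2fs_evict_inode+0x1598/0x15c0 fs/f2fs/inode.c:896
[  245.310300] Call Trace:'

triage() {  # $1 = mounts text, $2 = kernel log text
    printf '%s\n' "$1" | f2fs_mounts | while read -r dev mnt mode; do
        echo "f2fs $dev on $mnt ($mode): check offline with fsck.f2fs"
    done
    echo "f2fs_evict_inode BUG reports: $(printf '%s\n' "$2" | count_f2fs_evict_bugs)"
}

triage "$SAMPLE_MOUNTS" "$SAMPLE_LOG"
```

A non-zero report count on a host with F2FS mounts is a reason to prioritize the kernel update and an offline check of the listed devices.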
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-09-30T16:00:12.942Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9825c4522896dcbe0509
Added to database: 5/21/2025, 9:08:53 AM
Last enriched: 6/28/2025, 7:39:55 PM
Last updated: 7/26/2025, 6:12:27 AM