CVE-2024-47736 is a vulnerability identified in the Linux kernel's implementation of the EROFS (Enhanced Read-Only File System) subsystem. The issue arises from improper handling of overlapped physical clusters (pclusters) in specially crafted filesystem images. Normally, filesystem images generated by standard tools like mkfs do not contain overlapping pclusters, but fuzz testing revealed that malformed images with overlapping pclusters can cause a deadlock scenario. Specifically, the vulnerability involves a task hang due to a deadlock while waiting for a folio lock on a cached folio used for cache I/O operations. The root cause is the mishandling of BIO (Block I/O) submission order and the mismanagement of managed folios containing compressed data. Managed folios are marked up-to-date and unlocked immediately after compressed I/O completion, but if physical blocks are not submitted incrementally, separate BIOs should be used to avoid dependencies. The current Linux kernel code misarranges the function z_erofs_fill_bio_vec() and BIO submission, leading to unexpected BIO waits and deadlocks. Additionally, the linkage of managed folios to their pclusters for efficient inter-query operations is complicated by overlapping pclusters, which only appear in fuzzed images. The fix involves falling back to temporary short-lived pages to maintain correctness and reverting part of a previous commit to simplify folio truncation logic. This vulnerability does not appear exploitable via normal filesystem images and has no known exploits in the wild at the time of publication. However, it represents a kernel-level deadlock condition triggered by malformed EROFS images, potentially causing denial of service through task hangs.

For European organizations, this vulnerability primarily poses a risk of denial-of-service (DoS) conditions on Linux systems utilizing the EROFS filesystem, especially in environments where untrusted or malformed filesystem images might be mounted or processed. While EROFS is a read-only filesystem often used in embedded systems, containers, or specialized Linux distributions, its adoption in European industries such as telecommunications, automotive, and embedded device manufacturing is notable. A successful exploitation could cause kernel task hangs, leading to system instability or service interruptions. This could impact critical infrastructure or services relying on Linux-based systems with EROFS support. However, since the vulnerability requires crafted filesystem images that are not generated by standard tools and no known exploits exist, the immediate risk is moderate. Organizations deploying Linux kernels with EROFS support should be aware of potential risks if they handle untrusted images or operate in environments where fuzz testing or malformed images might be introduced, such as development, testing, or supply chain scenarios.

1. Update Linux kernels to versions that include the patch for CVE-2024-47736 as soon as they become available from trusted distributors. 2. Restrict the mounting or processing of untrusted or externally sourced EROFS filesystem images, especially those not generated by standard tools. 3. Implement strict validation and integrity checks on filesystem images before mounting, including scanning for anomalies such as overlapping pclusters. 4. In environments using containerization or embedded devices with EROFS, enforce strict image provenance and signing policies to prevent introduction of malformed images. 5. Monitor kernel logs and system behavior for signs of task hangs or deadlocks related to filesystem I/O operations, enabling early detection of potential exploitation attempts. 6. For development and testing environments, isolate fuzz testing activities to prevent malformed images from reaching production systems. 7. Collaborate with Linux distribution vendors to ensure timely patch deployment and communicate the importance of this update to system administrators.