CVE-2024-49880: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

ext4: fix off by one issue in alloc_flex_gd()

Wesley reported an issue:

==================================================================
EXT4-fs (dm-5): resizing filesystem from 7168 to 786432 blocks
------------[ cut here ]------------
kernel BUG at fs/ext4/resize.c:324!
CPU: 9 UID: 0 PID: 3576 Comm: resize2fs Not tainted 6.11.0+ #27
RIP: 0010:ext4_resize_fs+0x1212/0x12d0
Call Trace:
 __ext4_ioctl+0x4e0/0x1800
 ext4_ioctl+0x12/0x20
 __x64_sys_ioctl+0x99/0xd0
 x64_sys_call+0x1206/0x20d0
 do_syscall_64+0x72/0x110
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
==================================================================

While reviewing the patch, Honza found that when adjusting resize_bg in
alloc_flex_gd(), it was possible for flex_gd->resize_bg to be bigger than
flexbg_size.

The reproduction of the problem requires the following:

 o_group = flexbg_size * 2 * n;
 o_size = (o_group + 1) * group_size;
 n_group: [o_group + flexbg_size, o_group + flexbg_size * 2)
 o_size = (n_group + 1) * group_size;

Take n=0,flexbg_size=16 as an example:

               last:15
 |o---------------|--------------n-|
 o_group:0           resize to      n_group:30

The corresponding reproducer is:

img=test.img
rm -f $img
truncate -s 600M $img
mkfs.ext4 -F $img -b 1024 -G 16 8M
dev=`losetup -f --show $img`
mkdir -p /tmp/test
mount $dev /tmp/test
resize2fs $dev 248M

Delete the problematic plus 1 to fix the issue, and add a WARN_ON_ONCE()
to prevent the issue from happening again.

[ Note: another reproducer which this commit fixes is:

img=test.img
rm -f $img
truncate -s 25MiB $img
mkfs.ext4 -b 4096 -E nodiscard,lazy_itable_init=0,lazy_journal_init=0 $img
truncate -s 3GiB $img
dev=`losetup -f --show $img`
mkdir -p /tmp/test
mount $dev /tmp/test
resize2fs $dev 3G
umount $dev
losetup -d $dev

-- TYT ]
AI Analysis
Technical Summary
CVE-2024-49880 is a vulnerability in the Linux kernel's ext4 filesystem implementation, specifically in the alloc_flex_gd() function, which sizes the flexible block groups used during a filesystem resize. The flaw is an off-by-one error in the adjustment of the resize_bg field that allows flex_gd->resize_bg to exceed flexbg_size. The result is a kernel BUG() hit in ext4_resize_fs (fs/ext4/resize.c), as shown in the reported trace. The issue manifests when an ext4 filesystem is resized with specific parameters, such as certain block sizes and group counts, causing the kernel to crash or behave unexpectedly. The vulnerability was demonstrated with reproducer scripts that create and resize ext4 filesystems under controlled conditions, exposing the off-by-one boundary violation. The patch removes the problematic '+1' and adds a WARN_ON_ONCE() to catch any recurrence. The vulnerability affects Linux kernel versions prior to the fix and impacts systems whose ext4 filesystems undergo resizing operations, particularly those with flexible block group layouts. No known exploits are reported in the wild as of the publication date, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to Linux systems with ext4 filesystems that undergo resizing operations, such as cloud infrastructure, data centers, and enterprise servers. Triggering the bug causes a kernel panic, leading to a system crash and potential denial of service (DoS). This can disrupt critical services, data availability, and operational continuity. While the vulnerability does not directly indicate data corruption or privilege escalation, an unexpected kernel crash can lead to data loss or filesystem inconsistencies if not properly managed. Organizations relying on dynamic storage resizing, such as virtualized environments or container platforms, may be particularly exposed. The impact is heightened in environments where uptime and data integrity are critical, such as financial institutions, healthcare providers, and public sector infrastructure across Europe. The lack of known exploits reduces immediate risk, but the vulnerability's presence in a core kernel component warrants prompt attention to avoid potential exploitation or accidental triggering during maintenance.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel to the patched version that addresses CVE-2024-49880. Specifically, kernel versions released after the patch date (post-October 2024) should be deployed. System administrators should audit systems that perform ext4 filesystem resizing operations, especially those using flexible block groups, and avoid resizing ext4 filesystems on vulnerable kernel versions until patched. Monitoring for kernel warnings or panics related to ext4 resizing can help detect attempts to trigger this vulnerability. Backup strategies should be reviewed and tested to ensure data integrity in case of filesystem corruption or crashes. For environments using automated or scripted resizing, validating the requested target size against the trigger condition described in the commit message (the relationship between the current and new last block group and flexbg_size) before issuing the resize is advisable. Additionally, organizations should consider isolating critical systems or using alternative filesystems for dynamic resizing workloads until patches are applied. Coordination with Linux distribution vendors for timely patch deployment and verification is essential.
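The trigger condition stated in the commit message and the pre-resize validation suggested above, as an added C example that is not kernel code: it models the resize_bg sizing arithmetic with and without the removed "+ 1" and derives the last block group index for both reproducers. The placement of the "+ 1" on the fls() term, the helper names, and the 8 * block_size blocks-per-group default are assumptions.

```c
/* Added example (not kernel code): models the alloc_flex_gd() sizing step the
 * commit describes; the "+ 1" on the fls() term is assumed from the text. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Kernel fls() semantics: 1-based index of the highest set bit, fls(0) == 0. */
static unsigned fls_model(uint32_t x) { unsigned n = 0; while (x) { n++; x >>= 1; } return n; }

/* resize_bg for the flex group starting at o_group when the target's last
 * group is n_group; pre_fix keeps the "+ 1" that the commit removed. */
unsigned resize_bg_model(unsigned flexbg_size, uint32_t o_group,
                         uint32_t n_group, bool pre_fix)
{
    uint32_t last_group = o_group | (flexbg_size - 1);
    unsigned resize_bg = flexbg_size;

    if (n_group > last_group && n_group - last_group < flexbg_size) {
        unsigned a = fls_model(last_group - o_group);
        unsigned b = fls_model(n_group - last_group) + (pre_fix ? 1 : 0);
        resize_bg = 1u << (a > b ? a : b);   /* 32 > 16 with the "+ 1" */
    }
    return resize_bg;  /* the fix adds WARN_ON_ONCE(resize_bg > flexbg_size) */
}

/* Index of the last block group; ext4 defaults to 8 * block_size blocks/group. */
uint32_t last_group_index(uint64_t total_blocks, uint32_t blocks_per_group)
{
    return (uint32_t)((total_blocks + blocks_per_group - 1) / blocks_per_group - 1);
}

/* Pre-check for scripted resizes: true when old/new sizes match the commit's
 * condition (o_group = 2*flexbg_size*k, n_group in [o+flexbg, o+2*flexbg)). */
bool resize_hits_window(uint64_t old_blocks, uint64_t new_blocks,
                        uint32_t blocks_per_group, unsigned flexbg_size)
{
    uint32_t o = last_group_index(old_blocks, blocks_per_group);
    uint32_t n = last_group_index(new_blocks, blocks_per_group);
    return o % (2 * flexbg_size) == 0 && n >= o + flexbg_size &&
           n < o + 2 * flexbg_size;
}

int main(void)
{   /* Reproducer 1 (1K blocks, 8192/group, 8M -> 248M, -G 16): n_group = 30. */
    printf("hits=%d resize_bg pre/post=%u/%u\n",
           resize_hits_window(8ULL << 10, 248ULL << 10, 8192, 16),
           resize_bg_model(16, 0, 30, true), resize_bg_model(16, 0, 30, false));
    return 0;
}
```

The second reproducer (4K blocks, 32768 blocks per group, 25MiB to 3GiB, default flexbg_size 16) lands on n_group 23 and hits the same window.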
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-10-21T12:17:06.021Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9825c4522896dcbe087e
Added to database: 5/21/2025, 9:08:53 AM
Last enriched: 6/28/2025, 9:11:06 PM
Last updated: 7/31/2025, 10:17:00 AM