CVE-2024-53112: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

ocfs2: uncache inode which has failed entering the group

Syzbot has reported the following BUG:

kernel BUG at fs/ocfs2/uptodate.c:509!
...
Call Trace:
 <TASK>
 ? __die_body+0x5f/0xb0
 ? die+0x9e/0xc0
 ? do_trap+0x15a/0x3a0
 ? ocfs2_set_new_buffer_uptodate+0x145/0x160
 ? do_error_trap+0x1dc/0x2c0
 ? ocfs2_set_new_buffer_uptodate+0x145/0x160
 ? __pfx_do_error_trap+0x10/0x10
 ? handle_invalid_op+0x34/0x40
 ? ocfs2_set_new_buffer_uptodate+0x145/0x160
 ? exc_invalid_op+0x38/0x50
 ? asm_exc_invalid_op+0x1a/0x20
 ? ocfs2_set_new_buffer_uptodate+0x2e/0x160
 ? ocfs2_set_new_buffer_uptodate+0x144/0x160
 ? ocfs2_set_new_buffer_uptodate+0x145/0x160
 ocfs2_group_add+0x39f/0x15a0
 ? __pfx_ocfs2_group_add+0x10/0x10
 ? __pfx_lock_acquire+0x10/0x10
 ? mnt_get_write_access+0x68/0x2b0
 ? __pfx_lock_release+0x10/0x10
 ? rcu_read_lock_any_held+0xb7/0x160
 ? __pfx_rcu_read_lock_any_held+0x10/0x10
 ? smack_log+0x123/0x540
 ? mnt_get_write_access+0x68/0x2b0
 ? mnt_get_write_access+0x68/0x2b0
 ? mnt_get_write_access+0x226/0x2b0
 ocfs2_ioctl+0x65e/0x7d0
 ? __pfx_ocfs2_ioctl+0x10/0x10
 ? smack_file_ioctl+0x29e/0x3a0
 ? __pfx_smack_file_ioctl+0x10/0x10
 ? lockdep_hardirqs_on_prepare+0x43d/0x780
 ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
 ? __pfx_ocfs2_ioctl+0x10/0x10
 __se_sys_ioctl+0xfb/0x170
 do_syscall_64+0xf3/0x230
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
...
 </TASK>

When 'ioctl(OCFS2_IOC_GROUP_ADD, ...)' has failed for the particular inode in 'ocfs2_verify_group_and_input()', corresponding buffer head remains cached and subsequent call to the same 'ioctl()' for the same inode issues the BUG() in 'ocfs2_set_new_buffer_uptodate()' (trying to cache the same buffer head of that inode). Fix this by uncaching the buffer head with 'ocfs2_remove_from_cache()' on error path in 'ocfs2_group_add()'.
AI Analysis
Technical Summary
CVE-2024-53112 is a vulnerability identified in the Linux kernel's OCFS2 (Oracle Cluster File System version 2) filesystem implementation. The flaw arises from improper handling of buffer heads when an ioctl operation (specifically OCFS2_IOC_GROUP_ADD) fails for a particular inode during the function ocfs2_verify_group_and_input(). In this failure scenario, the buffer head associated with the inode remains cached erroneously. Subsequent invocations of the same ioctl on the same inode attempt to cache the same buffer head again, triggering a kernel BUG at fs/ocfs2/uptodate.c:509. This is due to the kernel trying to cache a buffer head that should have been uncached after the initial failure.

The root cause is the lack of uncaching the buffer head on the error path within the ocfs2_group_add() function. The fix involves calling ocfs2_remove_from_cache() to properly uncache the buffer head when the ioctl fails, preventing the kernel BUG from occurring.

This vulnerability can lead to kernel crashes (denial of service) when the ioctl is repeatedly called on the affected inode, potentially destabilizing systems using OCFS2. The vulnerability is specific to the OCFS2 filesystem, which is used primarily in clustered environments requiring shared storage access. There is no indication of known exploits in the wild, and no CVSS score has been assigned yet. The vulnerability requires local access to invoke the ioctl on the affected inode, and it does not appear to allow privilege escalation or arbitrary code execution directly. However, kernel crashes can impact system availability and reliability, especially in critical clustered storage environments.
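The error path described above, as a simplified user-space model added here for illustration; it is not the kernel's code. The cache structure, `model_group_add`, its `fixed` flag, the result codes and the block number are hypothetical stand-ins for the kernel functions named in the comments.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#define CACHE_SLOTS 8

/* Toy stand-in for the per-inode metadata cache: a set of block numbers. */
struct meta_cache { unsigned long long blk[CACHE_SLOTS]; size_t n; };
/* Constructed result codes; ADD_WOULD_BUG marks where the kernel would BUG(). */
enum result { ADD_OK = 0, ADD_EINVAL = -22, ADD_WOULD_BUG = -1000 };

static bool cached(const struct meta_cache *c, unsigned long long b) {
    for (size_t i = 0; i < c->n; i++)
        if (c->blk[i] == b) return true;
    return false;
}

/* Models ocfs2_remove_from_cache(): forget the block if it is present. */
static void uncache(struct meta_cache *c, unsigned long long b) {
    for (size_t i = 0; i < c->n; i++)
        if (c->blk[i] == b) { c->blk[i] = c->blk[--c->n]; return; }
}

/* Models ocfs2_group_add(): cache the group block, then validate it.
 * descriptor_valid stands for the outcome of ocfs2_verify_group_and_input(). */
enum result model_group_add(struct meta_cache *c, unsigned long long blk,
                            bool descriptor_valid, bool fixed) {
    if (cached(c, blk))                 /* already cached: BUG() in the kernel */
        return ADD_WOULD_BUG;
    if (c->n == CACHE_SLOTS) return ADD_EINVAL;   /* toy cache is full */
    c->blk[c->n++] = blk;               /* ocfs2_set_new_buffer_uptodate() */
    if (!descriptor_valid) {
        if (fixed)
            uncache(c, blk);            /* the fix: uncache on the error path */
        return ADD_EINVAL;
    }
    return ADD_OK;
}

/* Issue the same failing request twice; return the second call's result. */
enum result second_call_after_failure(bool fixed) {
    struct meta_cache c = { .n = 0 };
    (void)model_group_add(&c, 4096ULL, false, fixed);
    return model_group_add(&c, 4096ULL, false, fixed);
}

int main(void) {
    printf("unfixed: %d\n", second_call_after_failure(false));
    printf("fixed:   %d\n", second_call_after_failure(true));
    return 0;
}
```

Without the uncache step the second call finds the stale entry and reaches the assertion; with it, the second call fails validation again and returns the ordinary error.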
Potential Impact
For European organizations, especially those utilizing Linux servers with OCFS2 filesystems in clustered storage or high-availability setups, this vulnerability poses a risk of denial of service due to kernel crashes. Such disruptions can affect critical infrastructure, data centers, and enterprise applications relying on shared storage clusters. The impact is particularly relevant for industries with stringent uptime requirements such as finance, telecommunications, healthcare, and manufacturing. Kernel crashes can lead to service interruptions, data unavailability, and potential cascading failures in clustered environments. While the vulnerability does not directly expose data confidentiality or integrity risks, the availability impact can cause operational downtime and increased recovery costs. Organizations running Linux distributions that include OCFS2 support or custom kernels with OCFS2 enabled should be aware of this issue. Given the lack of known exploits, the immediate threat level is moderate, but the potential for denial of service in critical systems warrants prompt attention.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address CVE-2024-53112 as soon as they become available from trusted sources or Linux distribution vendors.
2. If patching is delayed, consider disabling or avoiding the use of the OCFS2 filesystem on production systems, especially on nodes where the ioctl OCFS2_IOC_GROUP_ADD might be invoked.
3. Implement strict access controls to limit which users or processes can perform ioctl operations on OCFS2 inodes, reducing the risk of accidental or malicious triggering of the vulnerability.
4. Monitor kernel logs for BUG messages related to OCFS2 to detect potential exploitation attempts or system instability early.
5. In clustered environments, ensure failover and redundancy mechanisms are tested and operational to mitigate the impact of any node crashes.
6. Coordinate with Linux distribution maintainers or vendors to receive timely updates and advisories related to this vulnerability.
7. Conduct thorough testing of kernel updates in staging environments before deployment to production to avoid regressions.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-11-19T17:17:24.993Z
- CISA Enriched: false
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9824c4522896dcbdfa21
Added to database: 5/21/2025, 9:08:52 AM
Last enriched: 6/28/2025, 3:10:22 PM
Last updated: 8/11/2025, 7:40:51 PM