CVE-2024-55641: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: xfs: unlock inodes when erroring out of xfs_trans_alloc_dir Debugging a filesystem patch with generic/475 caused the system to hang after observing the following sequences in dmesg: XFS (dm-0): metadata I/O error in "xfs_imap_to_bp+0x61/0xe0 [xfs]" at daddr 0x491520 len 32 error 5 XFS (dm-0): metadata I/O error in "xfs_btree_read_buf_block+0xba/0x160 [xfs]" at daddr 0x3445608 len 8 error 5 XFS (dm-0): metadata I/O error in "xfs_imap_to_bp+0x61/0xe0 [xfs]" at daddr 0x138e1c0 len 32 error 5 XFS (dm-0): log I/O error -5 XFS (dm-0): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x1ea/0x4b0 [xfs] (fs/xfs/xfs_trans_buf.c:311). Shutting down filesystem. XFS (dm-0): Please unmount the filesystem and rectify the problem(s) XFS (dm-0): Internal error dqp->q_ino.reserved < dqp->q_ino.count at line 869 of file fs/xfs/xfs_trans_dquot.c. Caller xfs_trans_dqresv+0x236/0x440 [xfs] XFS (dm-0): Corruption detected. Unmount and run xfs_repair XFS (dm-0): Unmounting Filesystem be6bcbcc-9921-4deb-8d16-7cc94e335fa7 The system is stuck in unmount trying to lock a couple of inodes so that they can be purged. The dquot corruption notice above is a clue to what happened -- a link() call tried to set up a transaction to link a child into a directory. Quota reservation for the transaction failed after IO errors shut down the filesystem, but then we forgot to unlock the inodes on our way out. Fix that.
AI Analysis
Technical Summary
CVE-2024-55641 is a vulnerability found in the Linux kernel's XFS filesystem implementation. The issue arises during error handling in the function xfs_trans_alloc_dir, specifically when unlocking inodes after a failed quota reservation during a link() system call. The vulnerability manifests when the filesystem encounters I/O errors that cause the XFS filesystem to shut down and become corrupted. In this scenario, the kernel fails to properly unlock inodes that were locked as part of a transaction to link a child directory entry. This leads to the system hanging during unmount operations because the inodes remain locked and cannot be purged. The root cause is a missing unlock step in the error path after quota reservation fails due to prior I/O errors. The vulnerability is triggered by filesystem corruption and quota reservation failures, causing internal errors such as "dqp->q_ino.reserved < dqp->q_ino.count" and metadata I/O errors logged in dmesg. The system may become unresponsive or stuck during unmount, requiring manual intervention with tools like xfs_repair to restore filesystem integrity. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The affected versions are specific Linux kernel commits identified by their hashes. This vulnerability impacts the stability and availability of systems using the XFS filesystem under error conditions, potentially leading to denial of service due to system hangs and filesystem corruption.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running Linux with the XFS filesystem, which is commonly used in enterprise environments for its scalability and performance. The impact includes potential denial of service caused by system hangs during unmount operations, which can disrupt critical services relying on affected storage volumes. Organizations using XFS on servers handling databases, file storage, or virtual machine images may experience downtime or data unavailability. Although the vulnerability does not directly lead to data leakage or privilege escalation, the resulting filesystem corruption and unmount failures can cause operational disruptions and require time-consuming recovery procedures. In sectors such as finance, healthcare, and government, where data integrity and availability are paramount, such disruptions could have significant operational and compliance consequences. Additionally, the need for manual repair increases the risk of human error during recovery. Since no known exploits exist yet, the immediate threat level is moderate, but the vulnerability should be addressed promptly to avoid potential exploitation or accidental triggering during hardware failures or disk errors.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should: 1) Apply the official Linux kernel patches that fix the inode unlocking issue in the XFS filesystem as soon as they become available from trusted Linux distributions or kernel maintainers. 2) Implement robust monitoring of filesystem health and I/O errors to detect early signs of XFS corruption or quota reservation failures, enabling proactive intervention before hangs occur. 3) Regularly back up critical data stored on XFS filesystems to minimize data loss risk in case of corruption. 4) Test recovery procedures using xfs_repair in controlled environments to ensure rapid restoration capability. 5) Consider deploying alternative filesystems or configurations for critical workloads where feasible, especially if frequent I/O errors are observed. 6) Educate system administrators on recognizing symptoms of this issue in system logs (e.g., metadata I/O errors, dquot corruption messages) to facilitate timely diagnosis. 7) Maintain updated hardware drivers and firmware to reduce the likelihood of underlying I/O errors that can trigger this vulnerability. These steps go beyond generic advice by focusing on early detection, preparedness, and patch management specific to the XFS inode unlocking issue.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
CVE-2024-55641: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: xfs: unlock inodes when erroring out of xfs_trans_alloc_dir Debugging a filesystem patch with generic/475 caused the system to hang after observing the following sequences in dmesg: XFS (dm-0): metadata I/O error in "xfs_imap_to_bp+0x61/0xe0 [xfs]" at daddr 0x491520 len 32 error 5 XFS (dm-0): metadata I/O error in "xfs_btree_read_buf_block+0xba/0x160 [xfs]" at daddr 0x3445608 len 8 error 5 XFS (dm-0): metadata I/O error in "xfs_imap_to_bp+0x61/0xe0 [xfs]" at daddr 0x138e1c0 len 32 error 5 XFS (dm-0): log I/O error -5 XFS (dm-0): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x1ea/0x4b0 [xfs] (fs/xfs/xfs_trans_buf.c:311). Shutting down filesystem. XFS (dm-0): Please unmount the filesystem and rectify the problem(s) XFS (dm-0): Internal error dqp->q_ino.reserved < dqp->q_ino.count at line 869 of file fs/xfs/xfs_trans_dquot.c. Caller xfs_trans_dqresv+0x236/0x440 [xfs] XFS (dm-0): Corruption detected. Unmount and run xfs_repair XFS (dm-0): Unmounting Filesystem be6bcbcc-9921-4deb-8d16-7cc94e335fa7 The system is stuck in unmount trying to lock a couple of inodes so that they can be purged. The dquot corruption notice above is a clue to what happened -- a link() call tried to set up a transaction to link a child into a directory. Quota reservation for the transaction failed after IO errors shut down the filesystem, but then we forgot to unlock the inodes on our way out. Fix that.
AI-Powered Analysis
Technical Analysis
CVE-2024-55641 is a vulnerability found in the Linux kernel's XFS filesystem implementation. The issue arises during error handling in the function xfs_trans_alloc_dir, specifically when unlocking inodes after a failed quota reservation during a link() system call. The vulnerability manifests when the filesystem encounters I/O errors that cause the XFS filesystem to shut down and become corrupted. In this scenario, the kernel fails to properly unlock inodes that were locked as part of a transaction to link a child directory entry. This leads to the system hanging during unmount operations because the inodes remain locked and cannot be purged. The root cause is a missing unlock step in the error path after quota reservation fails due to prior I/O errors. The vulnerability is triggered by filesystem corruption and quota reservation failures, causing internal errors such as "dqp->q_ino.reserved < dqp->q_ino.count" and metadata I/O errors logged in dmesg. The system may become unresponsive or stuck during unmount, requiring manual intervention with tools like xfs_repair to restore filesystem integrity. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The affected versions are specific Linux kernel commits identified by their hashes. This vulnerability impacts the stability and availability of systems using the XFS filesystem under error conditions, potentially leading to denial of service due to system hangs and filesystem corruption.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running Linux with the XFS filesystem, which is commonly used in enterprise environments for its scalability and performance. The impact includes potential denial of service caused by system hangs during unmount operations, which can disrupt critical services relying on affected storage volumes. Organizations using XFS on servers handling databases, file storage, or virtual machine images may experience downtime or data unavailability. Although the vulnerability does not directly lead to data leakage or privilege escalation, the resulting filesystem corruption and unmount failures can cause operational disruptions and require time-consuming recovery procedures. In sectors such as finance, healthcare, and government, where data integrity and availability are paramount, such disruptions could have significant operational and compliance consequences. Additionally, the need for manual repair increases the risk of human error during recovery. Since no known exploits exist yet, the immediate threat level is moderate, but the vulnerability should be addressed promptly to avoid potential exploitation or accidental triggering during hardware failures or disk errors.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should: 1) Apply the official Linux kernel patches that fix the inode unlocking issue in the XFS filesystem as soon as they become available from trusted Linux distributions or kernel maintainers. 2) Implement robust monitoring of filesystem health and I/O errors to detect early signs of XFS corruption or quota reservation failures, enabling proactive intervention before hangs occur. 3) Regularly back up critical data stored on XFS filesystems to minimize data loss risk in case of corruption. 4) Test recovery procedures using xfs_repair in controlled environments to ensure rapid restoration capability. 5) Consider deploying alternative filesystems or configurations for critical workloads where feasible, especially if frequent I/O errors are observed. 6) Educate system administrators on recognizing symptoms of this issue in system logs (e.g., metadata I/O errors, dquot corruption messages) to facilitate timely diagnosis. 7) Maintain updated hardware drivers and firmware to reduce the likelihood of underlying I/O errors that can trigger this vulnerability. These steps go beyond generic advice by focusing on early detection, preparedness, and patch management specific to the XFS inode unlocking issue.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-01-09T09:51:32.506Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9823c4522896dcbdf10a
Added to database: 5/21/2025, 9:08:51 AM
Last enriched: 6/28/2025, 11:24:59 AM
Last updated: 8/15/2025, 7:30:24 AM
Views: 13
Related Threats
Researcher to release exploit for full auth bypass on FortiWeb
HighCVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.