CVE-2024-56743: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

nfs_common: must not hold RCU while calling nfsd_file_put_local

Move holding the RCU from nfs_to_nfsd_file_put_local to nfs_to_nfsd_net_put. It is the call to nfs_to->nfsd_serv_put that requires the RCU anyway (the puts for nfsd_file and netns were combined to avoid an extra indirect reference but that micro-optimization isn't possible now).

This fixes xfstests generic/013 and it triggering:

"Voluntary context switch within RCU read-side critical section!"

[ 143.545738] Call Trace:
[ 143.546206] <TASK>
[ 143.546625] ? show_regs+0x6d/0x80
[ 143.547267] ? __warn+0x91/0x140
[ 143.547951] ? rcu_note_context_switch+0x496/0x5d0
[ 143.548856] ? report_bug+0x193/0x1a0
[ 143.549557] ? handle_bug+0x63/0xa0
[ 143.550214] ? exc_invalid_op+0x1d/0x80
[ 143.550938] ? asm_exc_invalid_op+0x1f/0x30
[ 143.551736] ? rcu_note_context_switch+0x496/0x5d0
[ 143.552634] ? wakeup_preempt+0x62/0x70
[ 143.553358] __schedule+0xaa/0x1380
[ 143.554025] ? _raw_spin_unlock_irqrestore+0x12/0x40
[ 143.554958] ? try_to_wake_up+0x1fe/0x6b0
[ 143.555715] ? wake_up_process+0x19/0x20
[ 143.556452] schedule+0x2e/0x120
[ 143.557066] schedule_preempt_disabled+0x19/0x30
[ 143.557933] rwsem_down_read_slowpath+0x24d/0x4a0
[ 143.558818] ? xfs_efi_item_format+0x50/0xc0 [xfs]
[ 143.559894] down_read+0x4e/0xb0
[ 143.560519] xlog_cil_commit+0x1b2/0xbc0 [xfs]
[ 143.561460] ? _raw_spin_unlock+0x12/0x30
[ 143.562212] ? xfs_inode_item_precommit+0xc7/0x220 [xfs]
[ 143.563309] ? xfs_trans_run_precommits+0x69/0xd0 [xfs]
[ 143.564394] __xfs_trans_commit+0xb5/0x330 [xfs]
[ 143.565367] xfs_trans_roll+0x48/0xc0 [xfs]
[ 143.566262] xfs_defer_trans_roll+0x57/0x100 [xfs]
[ 143.567278] xfs_defer_finish_noroll+0x27a/0x490 [xfs]
[ 143.568342] xfs_defer_finish+0x1a/0x80 [xfs]
[ 143.569267] xfs_bunmapi_range+0x4d/0xb0 [xfs]
[ 143.570208] xfs_itruncate_extents_flags+0x13d/0x230 [xfs]
[ 143.571353] xfs_free_eofblocks+0x12e/0x190 [xfs]
[ 143.572359] xfs_file_release+0x12d/0x140 [xfs]
[ 143.573324] __fput+0xe8/0x2d0
[ 143.573922] __fput_sync+0x1d/0x30
[ 143.574574] nfsd_filp_close+0x33/0x60 [nfsd]
[ 143.575430] nfsd_file_free+0x96/0x150 [nfsd]
[ 143.576274] nfsd_file_put+0xf7/0x1a0 [nfsd]
[ 143.577104] nfsd_file_put_local+0x18/0x30 [nfsd]
[ 143.578070] nfs_close_local_fh+0x101/0x110 [nfs_localio]
[ 143.579079] __put_nfs_open_context+0xc9/0x180 [nfs]
[ 143.580031] nfs_file_clear_open_context+0x4a/0x60 [nfs]
[ 143.581038] nfs_file_release+0x3e/0x60 [nfs]
[ 143.581879] __fput+0xe8/0x2d0
[ 143.582464] __fput_sync+0x1d/0x30
[ 143.583108] __x64_sys_close+0x41/0x80
[ 143.583823] x64_sys_call+0x189a/0x20d0
[ 143.584552] do_syscall_64+0x64/0x170
[ 143.585240] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 143.586185] RIP: 0033:0x7f3c5153efd7
AI Analysis
Technical Summary
CVE-2024-56743 is a vulnerability in the Linux kernel, specifically within the NFS (Network File System) server code; the fix is in nfs_common, on the path where the NFS client's nfs_localio module calls into nfsd. The issue arises from improper handling of Read-Copy-Update (RCU) synchronization during the release of NFS file objects: an RCU read-side critical section was held while calling nfsd_file_put_local. Code inside an RCU read-side critical section must not sleep, but nfsd_file_put_local can end up closing the underlying file, and the call trace shows that path (nfsd_file_put, nfsd_file_free, nfsd_filp_close, __fput_sync, xfs_file_release) reaching down_read and schedule inside XFS. The result is a voluntary context switch within the RCU read-side critical section. The xfstests generic/013 test detected this behavior, triggering the warning and kernel call trace quoted in the description.

The root cause involves a micro-optimization that combined the reference releases for nfsd_file and network namespace objects, which is no longer valid. The fix moves the RCU holding from nfs_to_nfsd_file_put_local to nfs_to_nfsd_net_put, since only the call to nfs_to->nfsd_serv_put needs to hold the RCU.

The vulnerability concerns kernel synchronization and resource management and can cause kernel warnings, instability, or crashes under certain workloads involving NFS file operations. There is no indication that it directly allows privilege escalation or remote code execution, but it can affect kernel stability and reliability, particularly in environments heavily utilizing NFS. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, especially those relying on Linux-based servers for NFS file sharing and network storage, this vulnerability could lead to system instability or unexpected kernel warnings and crashes. This can disrupt critical file-sharing services, impacting availability and potentially causing downtime in enterprise environments. Organizations using Linux kernels with affected versions in data centers, cloud infrastructure, or internal networks may experience degraded performance or service interruptions. While this vulnerability does not appear to directly compromise confidentiality or integrity, the availability impact can be significant in environments where NFS is a backbone for shared storage or application data. Disruptions in such services could affect business operations, data access, and service continuity. Given the widespread use of Linux in European IT infrastructure, the impact could be broad but primarily operational rather than a direct security breach.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:

1) Apply the latest Linux kernel patches that address CVE-2024-56743 as soon as they become available from their Linux distribution vendors.
2) Monitor kernel logs for RCU-related warnings or errors, especially those related to NFS operations, to detect potential exploitation or instability early.
3) Conduct thorough testing of kernel updates in staging environments that replicate production NFS workloads to ensure stability before deployment.
4) Limit exposure by restricting NFS server access to trusted networks and clients, reducing the risk of triggering the vulnerability through malicious or malformed NFS requests.
5) Employ kernel hardening and monitoring tools to detect abnormal kernel behavior or crashes that could indicate attempts to exploit synchronization issues.
6) Maintain regular backups and disaster recovery plans to minimize operational impact in case of service disruption.

These steps go beyond generic advice by focusing on proactive monitoring, controlled deployment, and network access restrictions tailored to the nature of this kernel synchronization vulnerability.
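An added example for the log-monitoring recommendation (not part of the original page or of the kernel project): a Python scan of kernel log text for the warning string quoted in the description, reporting whether the following trace passes through the nfsd_file_put_local / nfs_close_local_fh frames seen in this CVE's call trace. The helper name find_rcu_sleep_warnings is hypothetical, and the sample log is constructed from frames on this page plus made-up warning timestamps and an unrelated example frame.

```python
import re

# Warning text and frame names are taken from the call trace on this page.
RCU_WARNING = "Voluntary context switch within RCU read-side critical section!"
LOCALIO_FRAMES = {"nfsd_file_put_local", "nfs_close_local_fh"}
# "[ 143.577104] nfsd_file_put_local+0x18/0x30 [nfsd]" -> time, "? " marker, symbol
FRAME_RE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
TS_RE = re.compile(r"^\[\s*(\d+\.\d+)\]")

def find_rcu_sleep_warnings(lines, window=80):
    """Hypothetical helper: one finding per RCU warning found in kernel log lines."""
    lines, findings = list(lines), []
    for i, line in enumerate(lines):
        if RCU_WARNING not in line:
            continue
        ts = TS_RE.match(line)
        frames = []
        for follow in lines[i + 1 : i + 1 + window]:
            if RCU_WARNING in follow or "</TASK>" in follow:
                break  # next warning, or end of this trace
            m = FRAME_RE.match(follow)
            # Frames printed with a leading "? " are unreliable; keep the rest.
            if m and not m.group(2):
                frames.append(m.group(3))
        findings.append({"timestamp": float(ts.group(1)) if ts else None,
                         "frames": frames,
                         "nfs_localio": bool(LOCALIO_FRAMES & set(frames))})
    return findings

# Constructed sample: frames excerpted from the trace on this page; the warning
# timestamps, "</TASK>" line and example_driver_read frame are made up.
SAMPLE_LOG = """\
[ 143.545001] Voluntary context switch within RCU read-side critical section!
[ 143.545738] Call Trace:
[ 143.546206] <TASK>
[ 143.547951] ? rcu_note_context_switch+0x496/0x5d0
[ 143.553358] __schedule+0xaa/0x1380
[ 143.574574] nfsd_filp_close+0x33/0x60 [nfsd]
[ 143.577104] nfsd_file_put_local+0x18/0x30 [nfsd]
[ 143.578070] nfs_close_local_fh+0x101/0x110 [nfs_localio]
[ 143.586300] </TASK>
[ 900.000001] Voluntary context switch within RCU read-side critical section!
[ 900.000200] __schedule+0xaa/0x1380
[ 900.000300] example_driver_read+0x10/0x40 [example]
""".splitlines()

if __name__ == "__main__":
    for f in find_rcu_sleep_warnings(SAMPLE_LOG):
        print(f["timestamp"], "LOCALIO" if f["nfs_localio"] else "other", f["frames"])
```

A finding with nfs_localio set matches the code path this CVE fixes; other findings are RCU sleep warnings from unrelated code and need separate triage.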
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-12-29T11:26:39.758Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9822c4522896dcbde6bb
Added to database: 5/21/2025, 9:08:50 AM
Last enriched: 6/28/2025, 7:40:22 AM
Last updated: 7/26/2025, 5:28:17 PM