CVE-2024-56744: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason() syzbot reports deadlock issue of f2fs as below: ====================================================== WARNING: possible circular locking dependency detected 6.12.0-rc3-syzkaller-00087-gc964ced77262 #0 Not tainted ------------------------------------------------------ kswapd0/79 is trying to acquire lock: ffff888011824088 (&sbi->sb_lock){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2199 [inline] ffff888011824088 (&sbi->sb_lock){++++}-{3:3}, at: f2fs_record_stop_reason+0x52/0x1d0 fs/f2fs/super.c:4068 but task is already holding lock: ffff88804bd92610 (sb_internal#2){.+.+}-{0:0}, at: f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (sb_internal#2){.+.+}-{0:0}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 percpu_down_read include/linux/percpu-rwsem.h:51 [inline] __sb_start_write include/linux/fs.h:1716 [inline] sb_start_intwrite+0x4d/0x1c0 include/linux/fs.h:1899 f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842 evict+0x4e8/0x9b0 fs/inode.c:725 f2fs_evict_inode+0x1a4/0x15c0 fs/f2fs/inode.c:807 evict+0x4e8/0x9b0 fs/inode.c:725 dispose_list fs/inode.c:774 [inline] prune_icache_sb+0x239/0x2f0 fs/inode.c:963 super_cache_scan+0x38c/0x4b0 fs/super.c:223 do_shrink_slab+0x701/0x1160 mm/shrinker.c:435 shrink_slab+0x1093/0x14d0 mm/shrinker.c:662 shrink_one+0x43b/0x850 mm/vmscan.c:4818 shrink_many mm/vmscan.c:4879 [inline] lru_gen_shrink_node mm/vmscan.c:4957 [inline] shrink_node+0x3799/0x3de0 mm/vmscan.c:5937 kswapd_shrink_node mm/vmscan.c:6765 [inline] balance_pgdat mm/vmscan.c:6957 [inline] kswapd+0x1ca3/0x3700 mm/vmscan.c:7226 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #1 (fs_reclaim){+.+.}-{0:0}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 __fs_reclaim_acquire mm/page_alloc.c:3834 [inline] fs_reclaim_acquire+0x88/0x130 mm/page_alloc.c:3848 might_alloc include/linux/sched/mm.h:318 [inline] prepare_alloc_pages+0x147/0x5b0 mm/page_alloc.c:4493 __alloc_pages_noprof+0x16f/0x710 mm/page_alloc.c:4722 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265 alloc_pages_noprof mm/mempolicy.c:2345 [inline] folio_alloc_noprof+0x128/0x180 mm/mempolicy.c:2352 filemap_alloc_folio_noprof+0xdf/0x500 mm/filemap.c:1010 do_read_cache_folio+0x2eb/0x850 mm/filemap.c:3787 read_mapping_folio include/linux/pagemap.h:1011 [inline] f2fs_commit_super+0x3c0/0x7d0 fs/f2fs/super.c:4032 f2fs_record_stop_reason+0x13b/0x1d0 fs/f2fs/super.c:4079 f2fs_handle_critical_error+0x2ac/0x5c0 fs/f2fs/super.c:4174 f2fs_write_inode+0x35f/0x4d0 fs/f2fs/inode.c:785 write_inode fs/fs-writeback.c:1503 [inline] __writeback_single_inode+0x711/0x10d0 fs/fs-writeback.c:1723 writeback_single_inode+0x1f3/0x660 fs/fs-writeback.c:1779 sync_inode_metadata+0xc4/0x120 fs/fs-writeback.c:2849 f2fs_release_file+0xa8/0x100 fs/f2fs/file.c:1941 __fput+0x23f/0x880 fs/file_table.c:431 task_work_run+0x24f/0x310 kernel/task_work.c:228 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x168/0x370 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f ---truncated---
AI Analysis
Technical Summary
CVE-2024-56744 is a vulnerability identified in the Linux kernel's F2FS (Flash-Friendly File System) implementation. The issue pertains to a potential deadlock condition within the function f2fs_record_stop_reason(), which is part of the F2FS superblock handling code. The deadlock arises due to a circular locking dependency involving the sb_lock (superblock lock) and internal locks held during inode eviction and superblock write operations. Specifically, the kernel's lock dependency checker (lockdep) detected that the kswapd0 kernel thread attempts to acquire the sb_lock while already holding another lock (sb_internal#2), which itself depends on the sb_lock, creating a circular wait condition. This deadlock can cause the kswapd0 thread, responsible for memory reclaim and page cache management, to stall indefinitely, potentially leading to system hangs or degraded performance. The vulnerability was reported by syzbot, an automated kernel fuzzer, and affects multiple Linux kernel versions as indicated by the affected commit hashes. The root cause is a locking order violation in the F2FS code paths related to inode eviction and superblock updates. Although no public exploits are known at this time, the deadlock can impact system stability under certain workloads involving F2FS file system operations. The patch involves correcting the locking order to prevent circular dependencies and ensure proper synchronization during critical filesystem operations.
Potential Impact
For European organizations, the impact of CVE-2024-56744 primarily concerns systems running Linux with the F2FS file system, which is commonly used on flash storage devices such as SSDs and eMMC, especially in embedded systems, IoT devices, and some servers. A deadlock in the kernel memory management and filesystem layer can lead to system hangs, degraded performance, or forced reboots, potentially disrupting critical services and operations. Organizations relying on Linux-based infrastructure with F2FS for storage may experience availability issues, impacting business continuity. While the vulnerability does not directly expose confidentiality or integrity risks, the denial of service caused by deadlocks can affect service uptime and reliability. This is particularly relevant for sectors with high availability requirements such as telecommunications, finance, healthcare, and industrial control systems prevalent in Europe. Additionally, embedded devices running Linux with F2FS could be affected, which may have cascading effects on supply chains and operational technology environments.
Mitigation Recommendations
To mitigate CVE-2024-56744, European organizations should: 1) Apply the latest Linux kernel updates that include the patch fixing the F2FS deadlock issue as soon as they become available from their Linux distribution vendors or kernel maintainers. 2) Audit and identify systems using the F2FS file system, especially on flash storage devices, to prioritize patching efforts. 3) Monitor system logs and kernel messages for signs of deadlock or lock dependency warnings related to sb_lock or F2FS operations. 4) Where possible, consider temporary workarounds such as avoiding heavy inode eviction workloads or memory pressure scenarios that trigger kswapd activity until patches are applied. 5) For embedded or IoT devices, coordinate with hardware and software vendors to ensure firmware and kernel updates are delivered promptly. 6) Implement robust system monitoring and automated recovery mechanisms to detect and remediate system hangs caused by kernel deadlocks. 7) Engage in vulnerability management processes that include testing kernel updates in staging environments to prevent regressions.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
CVE-2024-56744: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason() syzbot reports deadlock issue of f2fs as below: ====================================================== WARNING: possible circular locking dependency detected 6.12.0-rc3-syzkaller-00087-gc964ced77262 #0 Not tainted ------------------------------------------------------ kswapd0/79 is trying to acquire lock: ffff888011824088 (&sbi->sb_lock){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2199 [inline] ffff888011824088 (&sbi->sb_lock){++++}-{3:3}, at: f2fs_record_stop_reason+0x52/0x1d0 fs/f2fs/super.c:4068 but task is already holding lock: ffff88804bd92610 (sb_internal#2){.+.+}-{0:0}, at: f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (sb_internal#2){.+.+}-{0:0}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 percpu_down_read include/linux/percpu-rwsem.h:51 [inline] __sb_start_write include/linux/fs.h:1716 [inline] sb_start_intwrite+0x4d/0x1c0 include/linux/fs.h:1899 f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842 evict+0x4e8/0x9b0 fs/inode.c:725 f2fs_evict_inode+0x1a4/0x15c0 fs/f2fs/inode.c:807 evict+0x4e8/0x9b0 fs/inode.c:725 dispose_list fs/inode.c:774 [inline] prune_icache_sb+0x239/0x2f0 fs/inode.c:963 super_cache_scan+0x38c/0x4b0 fs/super.c:223 do_shrink_slab+0x701/0x1160 mm/shrinker.c:435 shrink_slab+0x1093/0x14d0 mm/shrinker.c:662 shrink_one+0x43b/0x850 mm/vmscan.c:4818 shrink_many mm/vmscan.c:4879 [inline] lru_gen_shrink_node mm/vmscan.c:4957 [inline] shrink_node+0x3799/0x3de0 mm/vmscan.c:5937 kswapd_shrink_node mm/vmscan.c:6765 [inline] balance_pgdat mm/vmscan.c:6957 [inline] kswapd+0x1ca3/0x3700 mm/vmscan.c:7226 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #1 (fs_reclaim){+.+.}-{0:0}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 __fs_reclaim_acquire mm/page_alloc.c:3834 [inline] fs_reclaim_acquire+0x88/0x130 mm/page_alloc.c:3848 might_alloc include/linux/sched/mm.h:318 [inline] prepare_alloc_pages+0x147/0x5b0 mm/page_alloc.c:4493 __alloc_pages_noprof+0x16f/0x710 mm/page_alloc.c:4722 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265 alloc_pages_noprof mm/mempolicy.c:2345 [inline] folio_alloc_noprof+0x128/0x180 mm/mempolicy.c:2352 filemap_alloc_folio_noprof+0xdf/0x500 mm/filemap.c:1010 do_read_cache_folio+0x2eb/0x850 mm/filemap.c:3787 read_mapping_folio include/linux/pagemap.h:1011 [inline] f2fs_commit_super+0x3c0/0x7d0 fs/f2fs/super.c:4032 f2fs_record_stop_reason+0x13b/0x1d0 fs/f2fs/super.c:4079 f2fs_handle_critical_error+0x2ac/0x5c0 fs/f2fs/super.c:4174 f2fs_write_inode+0x35f/0x4d0 fs/f2fs/inode.c:785 write_inode fs/fs-writeback.c:1503 [inline] __writeback_single_inode+0x711/0x10d0 fs/fs-writeback.c:1723 writeback_single_inode+0x1f3/0x660 fs/fs-writeback.c:1779 sync_inode_metadata+0xc4/0x120 fs/fs-writeback.c:2849 f2fs_release_file+0xa8/0x100 fs/f2fs/file.c:1941 __fput+0x23f/0x880 fs/file_table.c:431 task_work_run+0x24f/0x310 kernel/task_work.c:228 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x168/0x370 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f ---truncated---
AI-Powered Analysis
Technical Analysis
CVE-2024-56744 is a vulnerability identified in the Linux kernel's F2FS (Flash-Friendly File System) implementation. The issue pertains to a potential deadlock condition within the function f2fs_record_stop_reason(), which is part of the F2FS superblock handling code. The deadlock arises due to a circular locking dependency involving the sb_lock (superblock lock) and internal locks held during inode eviction and superblock write operations. Specifically, the kernel's lock dependency checker (lockdep) detected that the kswapd0 kernel thread attempts to acquire the sb_lock while already holding another lock (sb_internal#2), which itself depends on the sb_lock, creating a circular wait condition. This deadlock can cause the kswapd0 thread, responsible for memory reclaim and page cache management, to stall indefinitely, potentially leading to system hangs or degraded performance. The vulnerability was reported by syzbot, an automated kernel fuzzer, and affects multiple Linux kernel versions as indicated by the affected commit hashes. The root cause is a locking order violation in the F2FS code paths related to inode eviction and superblock updates. Although no public exploits are known at this time, the deadlock can impact system stability under certain workloads involving F2FS file system operations. The patch involves correcting the locking order to prevent circular dependencies and ensure proper synchronization during critical filesystem operations.
Potential Impact
For European organizations, the impact of CVE-2024-56744 primarily concerns systems running Linux with the F2FS file system, which is commonly used on flash storage devices such as SSDs and eMMC, especially in embedded systems, IoT devices, and some servers. A deadlock in the kernel memory management and filesystem layer can lead to system hangs, degraded performance, or forced reboots, potentially disrupting critical services and operations. Organizations relying on Linux-based infrastructure with F2FS for storage may experience availability issues, impacting business continuity. While the vulnerability does not directly expose confidentiality or integrity risks, the denial of service caused by deadlocks can affect service uptime and reliability. This is particularly relevant for sectors with high availability requirements such as telecommunications, finance, healthcare, and industrial control systems prevalent in Europe. Additionally, embedded devices running Linux with F2FS could be affected, which may have cascading effects on supply chains and operational technology environments.
Mitigation Recommendations
To mitigate CVE-2024-56744, European organizations should: 1) Apply the latest Linux kernel updates that include the patch fixing the F2FS deadlock issue as soon as they become available from their Linux distribution vendors or kernel maintainers. 2) Audit and identify systems using the F2FS file system, especially on flash storage devices, to prioritize patching efforts. 3) Monitor system logs and kernel messages for signs of deadlock or lock dependency warnings related to sb_lock or F2FS operations. 4) Where possible, consider temporary workarounds such as avoiding heavy inode eviction workloads or memory pressure scenarios that trigger kswapd activity until patches are applied. 5) For embedded or IoT devices, coordinate with hardware and software vendors to ensure firmware and kernel updates are delivered promptly. 6) Implement robust system monitoring and automated recovery mechanisms to detect and remediate system hangs caused by kernel deadlocks. 7) Engage in vulnerability management processes that include testing kernel updates in staging environments to prevent regressions.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-12-29T11:26:39.758Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9820c4522896dcbdd18c
Added to database: 5/21/2025, 9:08:48 AM
Last enriched: 6/27/2025, 10:42:52 PM
Last updated: 7/30/2025, 11:39:44 PM
Views: 11
Related Threats
Researcher to release exploit for full auth bypass on FortiWeb
HighCVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.