CVE-2024-57804: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs
The driver, through the SAS transport, exposes a sysfs interface to enable/disable PHYs in a controller/expander setup. When multiple PHYs are disabled and enabled in rapid succession, the persistent and current config pages related to SAS IO unit/SAS Expander pages could get corrupted. Use separate memory for each config request.
AI Analysis
Technical Summary
CVE-2024-57804 is a vulnerability identified in the Linux kernel, specifically within the SCSI subsystem's mpi3mr driver, which handles SAS (Serial Attached SCSI) transport operations. The vulnerability arises due to improper handling of configuration pages related to PHY (physical layer) state management in a controller or expander setup. The mpi3mr driver exposes a sysfs interface that allows enabling or disabling PHYs. When multiple PHYs are rapidly disabled and re-enabled in succession, the persistent and current configuration pages associated with SAS IO units or SAS expanders can become corrupted. This corruption occurs because the driver does not allocate separate memory for each configuration request, leading to memory management issues and potential data integrity problems. The root cause is a race condition or improper synchronization in handling config pages during rapid state changes of PHYs. The fix involves using separate memory allocations for each configuration request to prevent corruption. This vulnerability affects Linux kernel versions identified by the commit hash 32d457d5a2af9bf5ddbe28297eabf1fc93451665, with the issue publicly disclosed on January 11, 2025. There are no known exploits in the wild at the time of publication, and no CVSS score has been assigned yet. The vulnerability primarily impacts systems using the mpi3mr driver for SAS storage devices, which are common in enterprise storage environments and data centers relying on Linux-based servers for storage management.
Potential Impact
For European organizations, this vulnerability could have significant implications, especially for enterprises and data centers that rely on Linux servers with SAS storage controllers using the mpi3mr driver. Corruption of configuration pages in SAS expanders or IO units can lead to data integrity issues, potential data loss, or system instability. This could disrupt critical storage operations, affecting availability and reliability of storage systems. Organizations in sectors such as finance, healthcare, telecommunications, and government, which often use high-availability Linux storage solutions, may face operational disruptions or increased risk of data corruption. Although there are no known exploits currently, the vulnerability's nature suggests that an attacker with local access or the ability to trigger rapid PHY state changes could cause denial of service or data corruption. This risk is heightened in environments where automated scripts or management tools rapidly toggle PHY states for maintenance or failover purposes. The impact on confidentiality is limited since the vulnerability does not directly expose data, but integrity and availability are at risk. Given the widespread use of Linux in European IT infrastructure, the vulnerability could affect a broad range of organizations if unpatched.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should prioritize applying the official Linux kernel patches that address CVE-2024-57804 as soon as they become available. Until patches are deployed, organizations should minimize rapid enable/disable operations on SAS PHYs, especially in automated management scripts or monitoring tools. System administrators should audit and adjust any orchestration or storage management workflows that perform frequent PHY state toggling. Additionally, monitoring sysfs interactions related to SAS PHYs for unusual or rapid state changes can help detect potential exploitation attempts. Organizations should also ensure robust backup and data integrity verification processes are in place to mitigate potential data corruption impacts. For environments where patching is delayed, consider isolating affected systems or limiting user access to interfaces that can trigger PHY state changes. Finally, maintain an up-to-date inventory of Linux kernel versions and affected hardware to prioritize remediation efforts effectively.
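A read-only audit for the inventory and access-limiting steps above, added here as an example and not taken from the kernel patch or this advisory: it lists the SAS PHY `enable` controls that sit behind mpi3mr hosts and counts those writable by anyone other than the file owner. It assumes the SAS transport class layout `/sys/class/sas_phy/phy-*/enable` and that the SCSI host's `proc_name` reads `mpi3mr`; the function names are illustrative.

```shell
#!/bin/sh
# Added example: inventory PHY enable/disable controls behind mpi3mr hosts.
# The sysfs root is a parameter so the check can run against a constructed tree.
# Assumptions: PHYs are named phy-<host>:..., and proc_name identifies the driver.

# Print "host<N> <phy> <octal mode>" for each enable attribute on an mpi3mr host.
mpi3mr_phy_controls() {
    sysfs=${1:-/sys}
    for attr in "$sysfs"/class/sas_phy/phy-*/enable; do
        [ -e "$attr" ] || continue             # glob matched nothing
        phy=$(basename "$(dirname "$attr")")   # e.g. phy-0:3 or phy-0:1:12
        host=${phy#phy-}
        host=${host%%:*}                       # leading number is the SCSI host
        drv=$(cat "$sysfs/class/scsi_host/host$host/proc_name" 2>/dev/null) || drv=""
        [ "$drv" = "mpi3mr" ] || continue      # skip PHYs of other SAS drivers
        mode=$(stat -c '%a' "$attr")
        printf 'host%s %s %s\n' "$host" "$phy" "$mode"
    done
}

# Count controls whose group or other permission digit includes the write bit.
mpi3mr_loose_controls() {
    mpi3mr_phy_controls "$1" | awk '
        { m = $3
          g = substr(m, length(m) - 1, 1)
          o = substr(m, length(m), 1)
          if (g ~ /[2367]/ || o ~ /[2367]/) n++ }
        END { print n + 0 }'
}
```

Source the file and call `mpi3mr_phy_controls` with no argument to inspect the live `/sys`; an empty listing means no mpi3mr-managed PHY controls were found on that host.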
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-01-09T09:50:31.793Z
- CISA Enriched: false
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9822c4522896dcbde88a
Added to database: 5/21/2025, 9:08:50 AM
Last enriched: 6/28/2025, 8:11:47 AM
Last updated: 8/18/2025, 10:23:19 PM