CVE-2024-57941: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled

When the caching for a cookie is temporarily disabled (e.g. due to a DIO write on that file), future copying to the cache for that file is disabled until all fds open on that file are closed. However, if netfslib is using the deprecated PG_private_2 method (such as is currently used by ceph), and decides it wants to copy to the cache, netfs_advance_write() will just bail at the first check seeing that the cache stream is unavailable, and indicate that it dealt with all the content.

This means that we have no subrequests to provide notifications to drive the state machine or even to pin the request and the request just gets discarded, leaving the folios with PG_private_2 set.

Fix this by jumping directly to cancel the request if the cache is not available. That way, we don't remove mark3 from the folio_queue list and netfs_pgpriv2_cancel() will clean up the folios.

This was found by running the generic/013 xfstest against ceph with an active cache and the "-o fsc" option passed to ceph. That would usually hang
AI Analysis
Technical Summary
CVE-2024-57941 is a vulnerability identified in the Linux kernel's netfs subsystem, specifically related to the handling of caching mechanisms when using deprecated methods such as PG_private_2, which is currently employed by Ceph. The issue arises when caching for a file's cookie is temporarily disabled, for example during a direct I/O (DIO) write operation. Under these conditions, subsequent attempts to copy data to the cache for that file are disabled until all file descriptors (fds) associated with that file are closed. However, if netfslib uses the deprecated PG_private_2 method and attempts to copy to the cache, the function netfs_advance_write() prematurely exits upon detecting that the cache stream is unavailable. It incorrectly signals that all content has been handled, resulting in no subrequests being generated to drive the state machine or to pin the request. Consequently, the request is discarded, leaving folios marked with PG_private_2 set, which are not properly cleaned up. This can lead to resource leaks and potentially cause the system or applications relying on this mechanism (such as Ceph with active caching and the "-o fsc" option) to hang or become unresponsive. The fix involves modifying the code to cancel the request immediately if the cache is unavailable, ensuring that folios are properly cleaned up by netfs_pgpriv2_cancel(), preventing hangs and resource leaks. This vulnerability was discovered through testing with xfstest against Ceph under specific caching conditions. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, especially those utilizing Linux-based systems with Ceph storage clusters or other netfs-dependent file systems, this vulnerability can lead to system instability and potential denial of service conditions. The improper handling of cache disabling can cause file operations to hang, impacting availability of critical storage services. Organizations relying on Ceph for distributed storage, common in cloud providers, data centers, and enterprises with large-scale storage needs, may experience disruptions in data access or degraded performance. This can affect sectors such as finance, healthcare, telecommunications, and government services where Linux and Ceph are prevalent. Additionally, resource leaks caused by uncleaned folios could degrade system performance over time, increasing maintenance overhead and risk of unexpected outages. While there is no indication of direct confidentiality or integrity compromise, the availability impact alone can be significant for mission-critical environments.
Mitigation Recommendations
European organizations should promptly apply the Linux kernel patch that addresses CVE-2024-57941 once it becomes available from their Linux distribution vendors. Until patches are applied, administrators should consider disabling or limiting the use of the deprecated PG_private_2 method in netfs if possible, or avoid configurations that temporarily disable caching on files managed by Ceph or similar netfs implementations. Monitoring systems should be enhanced to detect hangs or stalls in file operations related to Ceph or netfs caching. Additionally, organizations should review their use of the "-o fsc" option in Ceph mounts and test updates in staging environments to ensure stability. Regular kernel updates and proactive testing of storage subsystems are recommended to prevent similar issues. Collaboration with Linux distribution maintainers and Ceph developers can provide early warnings and tailored fixes. Finally, ensure that system logs and monitoring tools are configured to capture anomalies related to netfs and Ceph operations to facilitate rapid incident response.
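The two checks recommended above (reviewing "-o fsc" on Ceph mounts and watching for stalled file operations) can be scripted as follows. This is an added example, not code from the advisory or the kernel project; the sample mount table, log lines and the symbol names in them are constructed placeholders, and the call-trace match is a heuristic because the advisory does not say which frames a stuck task shows.

```shell
# Added example (not from the advisory). Both functions read a file so they
# can also be run on copies of /proc/mounts or dmesg saved from other hosts.

# CephFS mounts with fscache enabled. /proc/mounts fields:
#   device mountpoint fstype options dump pass
ceph_fsc_mounts() {
    awk '$3 == "ceph" {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)   # exact token: "fsc" or "fsc=<tag>", not "nofsc"
            if (opt[i] == "fsc" || opt[i] ~ /^fsc=/) { print $2; break }
    }' "${1:-/proc/mounts}"
}

# Hung-task reports whose call trace (next 40 lines) has a netfs/ceph frame.
# Heuristic: the advisory does not name the frames a stuck task would show.
hung_netfs_tasks() {
    awk '
        /INFO: task .* blocked for more than [0-9]+ seconds/ {
            task = $0; left = 40
            sub(/.*INFO: task /, "", task); sub(/ blocked for.*/, "", task)
            next
        }
        left > 0 {
            left--
            if ($0 ~ /(netfs|ceph)[a-z0-9_]*[+]0x/) { print task; left = 0 }
        }
    ' "$1"
}

# Constructed sample data (not captured from a real system; symbols are made up).
sample_mounts() {
    cat <<'EOF'
192.0.2.10:6789:/ /mnt/cephfs ceph rw,relatime,name=admin,secret=<hidden>,fsc,acl 0 0
192.0.2.10:6789:/scratch /mnt/scratch ceph rw,relatime,name=admin,secret=<hidden>,nofsc,acl 0 0
192.0.2.20:/export /mnt/nfs nfs4 rw,relatime,fsc,vers=4.2 0 0
EOF
}
sample_kmsg() {
    cat <<'EOF'
[ 1480.112233] INFO: task fsstress:2211 blocked for more than 120 seconds.
[ 1480.112240] Call Trace:
[ 1480.112251]  __schedule+0x2f0/0x8a0
[ 1480.112263]  netfs_example_wait+0x5c/0xa0 [netfs]
[ 1602.500000] INFO: task rsync:3100 blocked for more than 120 seconds.
[ 1602.500011]  __schedule+0x2f0/0x8a0
[ 1602.500020]  ext4_example_sync+0x41/0x90
EOF
}
```

Called with no argument, ceph_fsc_mounts reads the live /proc/mounts; hung_netfs_tasks expects a saved kernel log (for example the output of dmesg redirected to a file).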
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Denmark, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-01-19T11:50:08.378Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9823c4522896dcbdeb1b
Added to database: 5/21/2025, 9:08:51 AM
Last enriched: 6/28/2025, 9:11:52 AM
Last updated: 8/14/2025, 1:26:21 AM