CVE-2024-42149 in Linux
Summary
by MITRE • 07/30/2024
In the Linux kernel, the following vulnerability has been resolved:
fs: don't misleadingly warn during thaw operations
The block device may have been frozen before it was claimed by a filesystem. Concurrently another process might try to mount that frozen block device and has temporarily claimed the block device for that purpose causing a concurrent fs_bdev_thaw() to end up here. The mounter is already about to abort mounting because they still saw an elevanted bdev->bd_fsfreeze_count so get_bdev_super() will return NULL in that case.
For example, P1 calls dm_suspend() which calls into bdev_freeze() before the block device has been claimed by the filesystem. This brings bdev->bd_fsfreeze_count to 1 and no call into fs_bdev_freeze() is required.
Now P2 tries to mount that frozen block device. It claims it and checks bdev->bd_fsfreeze_count. As it's elevated it aborts mounting.
In the meantime P3 called dm_resume(). P3 sees that the block device is already claimed by a filesystem and calls into fs_bdev_thaw().
P3 takes a passive reference and realizes that the filesystem isn't ready yet. P3 puts itself to sleep to wait for the filesystem to become ready.
P2 now puts the last active reference to the filesystem and marks it as dying. P3 gets woken, sees that the filesystem is dying and get_bdev_super() fails.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 07/19/2025
The vulnerability described in CVE-2024-42149 resides within the Linux kernel's filesystem subsystem and specifically addresses an issue in the thaw operations of block devices. This flaw manifests as misleading warning messages during filesystem thawing processes, creating confusion for system administrators and potentially masking underlying operational issues. The problem occurs when block devices undergo freezing and thawing operations in concurrent environments where multiple processes attempt to manage the same device simultaneously. The kernel's handling of these operations becomes inconsistent when dealing with devices that have been frozen prior to filesystem claiming, leading to erroneous warning generation that does not accurately reflect the actual system state.
The technical implementation of this vulnerability stems from the complex interaction between device freezing mechanisms and filesystem mounting operations within the Linux kernel. When a block device is frozen through operations like dm_suspend() which invokes bdev_freeze(), the device's bd_fsfreeze_count is incremented to 1, indicating that the device is in a frozen state. Subsequently, when another process attempts to mount this frozen device, the mounting process checks the elevated bd_fsfreeze_count and aborts the mount operation. However, during this sequence, a third process may resume the device through dm_resume() which calls fs_bdev_thaw(), creating a race condition scenario. The system's logic fails to properly account for the fact that the filesystem may have already been marked as dying during the mounting attempt, leading to incorrect warning generation when get_bdev_super() returns NULL due to the filesystem's termination state.
The operational impact of this vulnerability extends beyond simple warning messages as it can create misleading diagnostic information during system troubleshooting and monitoring. This issue particularly affects systems utilizing device mapper operations where multiple processes may concurrently attempt to manage the same block device. The misleading warnings can obscure genuine system issues, making it difficult for administrators to identify actual problems in the filesystem or device management subsystem. The vulnerability's implications are particularly significant in enterprise environments where automated monitoring systems rely on accurate warning generation for operational integrity. Additionally, this flaw demonstrates weaknesses in the kernel's concurrent access control mechanisms for block device management, potentially creating scenarios where system stability could be compromised through incorrect state handling during device lifecycle operations.
Mitigation strategies for CVE-2024-42149 should focus on ensuring proper handling of concurrent device freezing and thawing operations within the kernel. System administrators should ensure that kernel updates are applied promptly to address this specific vulnerability, as the fix involves correcting the logic flow in how the kernel handles filesystem thaw operations when devices are in inconsistent states. The resolution addresses the specific race condition between device management processes and filesystem mounting operations, particularly in scenarios involving device mapper operations. Organizations should implement monitoring protocols that can detect unusual patterns in device freezing and thawing operations, as these may indicate potential exploitation attempts or system misconfigurations. This vulnerability aligns with CWE-362, which describes concurrent execution use of a resource without proper synchronization, and relates to ATT&CK technique T1490, which involves data destruction through system manipulation. The fix essentially ensures that the kernel properly distinguishes between legitimate warning conditions and spurious warnings that occur due to the complex interplay of concurrent device management operations, thereby improving the overall reliability and diagnostic accuracy of the Linux kernel's filesystem subsystem.