CVE-2024-42300 in Linuxinfo

Summary

by MITRE • 08/17/2024

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix race in z_erofs_get_gbuf()

In z_erofs_get_gbuf(), the current task may be migrated to another CPU between `z_erofs_gbuf_id()` and `spin_lock(&gbuf->lock)`.

Therefore, z_erofs_put_gbuf() will trigger the following issue which was found by stress test:

[772156.434168] kernel BUG at fs/erofs/zutil.c:58!
.. [772156.435007]
[772156.439237] CPU: 0 PID: 3078 Comm: stress Kdump: loaded Tainted: G E 6.10.0-rc7+ #2
[772156.439239] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 1.0.0 01/01/2017
[772156.439241] pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
[772156.439243] pc : z_erofs_put_gbuf+0x64/0x70 [erofs]
[772156.439252] lr : z_erofs_lz4_decompress+0x600/0x6a0 [erofs]
.. [772156.445958] stress (3127): drop_caches: 1
[772156.446120] Call trace:
[772156.446121] z_erofs_put_gbuf+0x64/0x70 [erofs]
[772156.446761] z_erofs_lz4_decompress+0x600/0x6a0 [erofs]
[772156.446897] z_erofs_decompress_queue+0x740/0xa10 [erofs]
[772156.447036] z_erofs_runqueue+0x428/0x8c0 [erofs]
[772156.447160] z_erofs_readahead+0x224/0x390 [erofs]
..


Analysis

by VulDB Data Team • 02/01/2026

CVE-2024-42300 is a race condition in the Linux kernel's erofs filesystem, in z_erofs_get_gbuf(). erofs keeps a pool of global decompression buffers that is indexed by z_erofs_gbuf_id(), a value derived from the CPU the calling task is running on. z_erofs_get_gbuf() computes that index and then takes spin_lock(&gbuf->lock); nothing stops the scheduler from migrating the task to another CPU between those two steps, and z_erofs_put_gbuf() recomputes the index when the buffer is released. If a migration lands inside that window, the put path resolves a different buffer than the one the get path locked and handed out, its consistency check fails, and the kernel hits the BUG at fs/erofs/zutil.c:58 shown in the trace above. The affected path is decompression of compressed data (the trace shows z_erofs_lz4_decompress() reached from z_erofs_readahead()), so ordinary reads of compressed files on an erofs mount can exercise it. The bug was found by a stress test, and a kernel crash is the only effect the report documents. It is best classified as CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization); the compute-index-then-lock window also has the shape of CWE-367 (TOCTOU). In ATT&CK terms the realistic use is local denial of service: an unprivileged process that can read from an erofs mount on a loaded system can bring the host down, and because containers share the host kernel, one tenant can take out every other tenant on the node.

The root cause is an unstated assumption that the get and put calls run on the same CPU and therefore compute the same buffer index. Migration does not modify the buffer; it simply changes the answer z_erofs_gbuf_id() returns, so z_erofs_put_gbuf() looks at the wrong pool entry.

Concretely, z_erofs_get_gbuf() selects gbufpool[z_erofs_gbuf_id()] and locks it, then returns that entry's buffer pointer to the decompressor. While decompression runs, the task holds the spinlock but is still preemptible and migratable. When z_erofs_put_gbuf() later recomputes z_erofs_gbuf_id() on a different CPU, it selects a different pool entry whose buffer pointer does not match the pointer passed in. That mismatch is what the assertion at fs/erofs/zutil.c:58 in the trace reports. Because the check fires before the unlock, the task dies with the lock taken by z_erofs_get_gbuf() still held, so later decompression that needs that entry will hang. A build in which the assertion is compiled out would not stop there: the put path would release the spinlock of the wrong entry and leave the original one held, which is a worse failure than the crash. The call trace shows the path from z_erofs_readahead() through z_erofs_runqueue() and z_erofs_decompress_queue() to the LZ4 decompressor; none of these callers can avoid the problem, since the broken assumption is inside the get/put pair itself.

The window is narrow, which is why a stress test rather than normal use surfaced it, but it is hit by ordinary filesystem reads and cannot be closed from user space.
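As an added example that is not part of the original page or of the kernel source, the following userspace C model replays the mechanism described above: a per-CPU buffer pool, a get() and put() that each recompute the CPU-derived index, and a scheduler that may move the task in between. The vulnerable pair reproduces the mismatch that the kernel assertion catches and shows the lock it leaves behind; the fixed pair models what the upstream fix does, keeping migration disabled for as long as the buffer is held. struct cpu_ctx, try_migrate(), run_scenario() and the -1 return on mismatch are this example's own modelling choices, not kernel APIs.

```c
/*
 * Added example, not kernel code: a userspace model of the race in
 * z_erofs_get_gbuf()/z_erofs_put_gbuf() (CVE-2024-42300). One buffer per CPU
 * is picked by an index derived from the current CPU (z_erofs_gbuf_id()) and
 * get() and put() each recompute it, so a migration in between makes put()
 * resolve a different buffer than get() locked. struct cpu_ctx, try_migrate()
 * and the -1 return are modelling assumptions; the kernel uses spinlocks/BUG().
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#define NR_CPUS 4

struct gbuf {
    bool locked;          /* stands in for spinlock_t lock */
    char *ptr;            /* pointer handed out by get() */
    char storage[64];
};
static struct gbuf gbufpool[NR_CPUS];

struct cpu_ctx {          /* scheduler-visible state of one task */
    int cpu;              /* CPU the task currently runs on */
    int migrate_disabled; /* nesting count, as in migrate_disable() */
};

static void pool_init(void)
{
    memset(gbufpool, 0, sizeof(gbufpool));
    for (int i = 0; i < NR_CPUS; i++)
        gbufpool[i].ptr = gbufpool[i].storage;
}

/* z_erofs_gbuf_id(): index derived from the CPU the task is on right now. */
static int gbuf_id(const struct cpu_ctx *t) { return t->cpu % NR_CPUS; }

/* The scheduler moving the task; refused while migration is disabled. */
static bool try_migrate(struct cpu_ctx *t, int new_cpu)
{
    if (t->migrate_disabled > 0)
        return false;
    t->cpu = new_cpu;
    return true;
}

/* Vulnerable shape: nothing pins the task between the two index lookups. */
static void *get_gbuf_vulnerable(struct cpu_ctx *t)
{
    struct gbuf *g = &gbufpool[gbuf_id(t)];
    g->locked = true;                       /* spin_lock(&gbuf->lock) */
    return g->ptr;
}
static int put_gbuf_vulnerable(struct cpu_ctx *t, void *ptr)
{
    struct gbuf *g = &gbufpool[gbuf_id(t)]; /* may be another CPU's buffer */
    if (g->ptr != ptr)                      /* DBG_BUGON(gbuf->ptr != ptr) */
        return -1;                          /* kernel: BUG(); get()'s lock stays held */
    g->locked = false;                      /* spin_unlock(&gbuf->lock) */
    return 0;
}

/* Fixed shape: migration stays disabled for as long as the buffer is held. */
static void *get_gbuf_fixed(struct cpu_ctx *t)
{
    t->migrate_disabled++;                  /* migrate_disable() */
    struct gbuf *g = &gbufpool[gbuf_id(t)];
    g->locked = true;
    return g->ptr;
}
static int put_gbuf_fixed(struct cpu_ctx *t, void *ptr)
{
    struct gbuf *g = &gbufpool[gbuf_id(t)]; /* same CPU, so same index */
    if (g->ptr != ptr)
        return -1;
    g->locked = false;
    t->migrate_disabled--;                  /* migrate_enable() */
    return 0;
}

/* One critical section started on start_cpu, with the scheduler trying to
 * move the task to other_cpu inside the window the CVE describes.
 * Returns 0 if put() matched get()'s buffer, -1 otherwise. */
static int run_scenario(bool fixed, int start_cpu, int other_cpu)
{
    struct cpu_ctx t = { .cpu = start_cpu, .migrate_disabled = 0 };
    pool_init();
    void *buf = fixed ? get_gbuf_fixed(&t) : get_gbuf_vulnerable(&t);
    try_migrate(&t, other_cpu);
    return fixed ? put_gbuf_fixed(&t, buf) : put_gbuf_vulnerable(&t, buf);
}

/* Buffers still locked after the last scenario; nonzero means a leaked lock. */
static int locked_count(void)
{
    int n = 0;
    for (int i = 0; i < NR_CPUS; i++)
        n += gbufpool[i].locked;
    return n;
}
```

Calling run_scenario(false, 0, 2) reproduces the bug: the task starts on CPU 0, is moved to CPU 2 while it holds the buffer, and put() returns -1 with gbufpool[0] still locked. run_scenario(true, 0, 2) refuses the migration, so put() finds the same entry and returns 0 with nothing left locked. The vulnerable pair also succeeds when no migration happens, which is why the window only shows up under load.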

The operational impact is availability. A kernel BUG() in process context kills the task in the kernel and, where panic_on_oops is set, panics the machine; even where it does not, the dead task leaves the buffer's spinlock held, so subsequent decompression that needs that pool entry hangs and the host needs a reboot. Systems that mount erofs images and run many concurrent readers (container hosts, image-based appliances, cloud instances such as the one in the trace) are the ones most likely to hit the window, and in a container environment the crash affects every workload on the node, not only the one that triggered it. Nothing in the report supports information disclosure or privilege escalation; the documented effect is a crash, which is consistent with the very low EPSS score below and the absence of a KEV listing. The affected code is the global buffer pool accessed through z_erofs_get_gbuf() and z_erofs_put_gbuf(); the trace was taken on 6.10.0-rc7, and this page does not state the full affected version range, so the kernel changelog should be consulted for that. Because the trigger is load rather than a crafted image, a trusted filesystem image does not remove the exposure.

Mitigation is to run a kernel that carries the upstream fix "erofs: fix race in z_erofs_get_gbuf()". The fix keeps the task on one CPU while it holds the buffer by disabling migration across the get/put pair, so both calls compute the same index; memory barriers would not help here, since the problem is which entry is selected, not the ordering of stores. Before scheduling work, confirm whether erofs is relevant on a host: grep erofs /proc/filesystems shows whether the driver is registered and grep erofs /proc/mounts shows whether anything is mounted from it. Hosts that do not need erofs can leave the module unloaded or blacklisted under /etc/modprobe.d until they are patched. For detection, search dmesg or the journal for "kernel BUG at fs/erofs/zutil.c" with z_erofs_put_gbuf in the call trace; this is a local crash triggered through filesystem reads, so network monitoring has nothing to see. Where kernel updates are not applied automatically, verify the running kernel version explicitly rather than relying on the package state, and test the updated kernel in staging before rolling it to production.

Responsible

Linux

Reservation

07/30/2024

Disclosure

08/17/2024

Moderation

accepted

CPE

ready

EPSS

0.00136

KEV

no

Activities

very low

Sources
