CVE-2024-50245 in Linux

Summary

by MITRE • 11/09/2024

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Fix possible deadlock in mi_read

Mutex lock with another subclass used in ni_lock_dir().

Analysis

by VulDB Data Team • 10/02/2025

The vulnerability CVE-2024-50245 represents a critical deadlock condition within the Linux kernel's ntfs3 file system implementation that specifically affects the fs/ntfs3 subsystem. This issue manifests in the mi_read function where a mutex lock operation interacts with another lock subclass through the ni_lock_dir() function call. The problem arises from improper lock ordering or subclass hierarchy management within the kernel's locking mechanism, creating a scenario where multiple threads or processes can become indefinitely blocked waiting for resources that will never become available. The ntfs3 file system driver, which provides support for the New Technology File System used by Microsoft Windows operating systems, contains this flaw that can be exploited to cause system-wide denial of service conditions. This vulnerability directly impacts systems running Linux kernels with ntfs3 support, particularly those that mount ntfs3 file systems or perform operations on ntfs3 volumes, as the deadlock can occur during normal file system operations such as reading metadata or directory entries.

The technical flaw stems from improper lock management within the kernel's locking subsystem where the mi_read function attempts to acquire a mutex lock while another lock subclass is already held, creating a circular dependency that leads to deadlock conditions. This type of issue commonly falls under the CWE-367 category of Time-of-Check Time-of-Use (TOCTOU) vulnerabilities or more specifically related to improper lock ordering as defined in CWE-121. The ni_lock_dir() function's interaction with the mutex lock hierarchy creates a scenario where the system can become unresponsive when multiple concurrent operations attempt to access the same file system resources. The lock subclass behavior indicates that the kernel's lock manager is not properly handling the hierarchical relationship between different lock types, causing a violation of lock ordering principles that are fundamental to preventing deadlocks in concurrent programming environments.

The operational impact of this vulnerability extends beyond simple system instability to potentially enable denial of service attacks that can render systems unusable for extended periods. When the deadlock occurs, affected systems may experience complete system hang conditions where all processes attempting to access the ntfs3 file system become blocked, requiring manual intervention or system reboot to restore normal operation. This vulnerability affects not only individual user sessions but can potentially impact system services and applications that depend on file system access, making it particularly dangerous in server environments or embedded systems where continuous availability is critical. The vulnerability is especially concerning in enterprise environments where ntfs3 file systems are mounted for data access, as it can cause cascading failures affecting multiple applications and services that rely on the underlying file system infrastructure.

Mitigation strategies for CVE-2024-50245 should prioritize applying the latest kernel patches that address the specific lock ordering issue within the ntfs3 file system implementation. System administrators should immediately update their Linux kernels to versions that include the fix for this vulnerability, as the patch resolves the improper lock subclass handling in the mi_read function. Organizations should conduct thorough testing of kernel updates in staging environments before deployment to ensure compatibility with existing ntfs3 file system operations and applications. Additionally, monitoring systems should be implemented to detect potential deadlock conditions, particularly in environments with high concurrent access to ntfs3 volumes, as early detection can help prevent extended service outages. The mitigation approach aligns with ATT&CK technique T1499.004 which involves avoiding or preventing system resource compromise through proper locking mechanisms and resource management practices. Regular security assessments should include verification that lock hierarchies are properly implemented and that no circular dependencies exist in file system locking operations, as this vulnerability demonstrates the critical importance of maintaining proper lock ordering in kernel-level code.
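
One way to implement the deadlock monitoring suggested above, as an added example that is not code from VulDB or the kernel project: it scans kernel log lines for lockdep reports and hung-task warnings and keeps only those whose following lines mention ntfs3. The log lines are constructed, and the 40-line search window and the matched names (ntfs3, mi_read, ni_lock) are assumptions based on the names in this entry.

```python
import re

# Kernel log headers that signal a locking problem: two lockdep report
# types (lock-debugging kernels only) and the hung-task watchdog.
TRIGGERS = [
    ("lockdep-circular", re.compile(r"possible circular locking dependency detected")),
    ("lockdep-recursive", re.compile(r"possible recursive locking detected")),
    ("hung-task", re.compile(r"INFO: task .+ blocked for more than \d+ seconds")),
]
# Names from the advisory text; a match in the report body ties it to ntfs3.
NTFS3 = re.compile(r"\bntfs3\b|\bmi_read\b|\bni_lock")
TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")

def trigger_kind(msg):
    """Return the trigger label for a log line, or None."""
    return next((kind for kind, rx in TRIGGERS if rx.search(msg)), None)

def find_ntfs3_lock_events(lines, window=40):
    """Flag lock reports whose next `window` lines mention ntfs3 symbols."""
    msgs = [TIMESTAMP.sub("", line.rstrip("\n")) for line in lines]
    events = []
    for i, msg in enumerate(msgs):
        kind = trigger_kind(msg)
        if kind is None:
            continue
        evidence = []
        # Stop at the next header so frames are not attributed to the wrong report.
        for ctx in msgs[i + 1 : i + 1 + window]:
            if trigger_kind(ctx):
                break
            if NTFS3.search(ctx):
                evidence.append(ctx.strip())
        if evidence:
            events.append({"kind": kind, "line": i + 1, "evidence": evidence})
    return events

# Constructed sample in dmesg format (not taken from a real report).
SAMPLE = """\
[  101.000001] WARNING: possible circular locking dependency detected
[  101.000002] mount/4242 is trying to acquire lock:
[  101.000003]  (&ni->ni_lock/1){+.+.}-{3:3}, at: mi_read+0x1a0/0x2c0 [ntfs3]
[  250.500000] INFO: task rsync:5150 blocked for more than 120 seconds.
[  250.500001]  ext4_file_write_iter+0x30/0x700
[  400.000000] INFO: task cp:6001 blocked for more than 120 seconds.
[  400.000001]  mi_read+0x1a0/0x2c0 [ntfs3]
""".splitlines()

if __name__ == "__main__":
    for event in find_ntfs3_lock_events(SAMPLE):
        print(event)
```

The same function accepts the lines of `dmesg` or `journalctl -k` output; the rsync warning in the sample is skipped because its trace has no ntfs3 frame.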

Responsible

Linux

Reservation

10/21/2024

Disclosure

11/09/2024

Moderation

accepted

CPE

ready

EPSS

0.00219

KEV

no

Activities

very low
