Linux Kernel up to 6.12.9/6.13-rc6 encode_fh encoding error

Summaryinfo

A vulnerability classified as problematic was found in Linux Kernel up to 6.12.9/6.13-rc6. This affects the function encode_fh. Such manipulation leads to encoding error. This vulnerability is documented as CVE-2024-57924. There is not any exploit available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability was found in Linux Kernel up to 6.12.9/6.13-rc6 and classified as problematic. Affected by this issue is the function encode_fh. The manipulation with an unknown input leads to a encoding error vulnerability. Using CWE to declare the problem leads to CWE-172. The product does not properly encode or decode the data, resulting in unexpected values. The impact remains unknown. CVE summarizes:

In the Linux kernel, the following vulnerability has been resolved: fs: relax assertions on failure to encode file handles Encoding file handles is usually performed by a filesystem >encode_fh() method that may fail for various reasons. The legacy users of exportfs_encode_fh(), namely, nfsd and name_to_handle_at(2) syscall are ready to cope with the possibility of failure to encode a file handle. There are a few other users of exportfs_encode_{fh,fid}() that currently have a WARN_ON() assertion when ->encode_fh() fails. Relax those assertions because they are wrong. The second linked bug report states commit 16aac5ad1fa9 ("ovl: support encoding non-decodable file handles") in v6.6 as the regressing commit, but this is not accurate. The aforementioned commit only increases the chances of the assertion and allows triggering the assertion with the reproducer using overlayfs, inotify and drop_caches. Triggering this assertion was always possible with other filesystems and other reasons of ->encode_fh() failures and more particularly, it was also possible with the exact same reproducer using overlayfs that is mounted with options index=on,nfs_export=on also on kernels < v6.6. Therefore, I am not listing the aforementioned commit as a Fixes commit. Backport hint: this patch will have a trivial conflict applying to v6.6.y, and other trivial conflicts applying to stable kernels < v6.6.

The advisory is available at git.kernel.org. This vulnerability is handled as CVE-2024-57924 since 01/19/2025. Technical details are known, but there is no available exploit.

The vulnerability scanner Nessus provides a plugin with the ID 233479 (Ubuntu 24.10 : Linux kernel (Low Latency) vulnerabilities (USN-7380-1)), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 6.12.10 or 6.13-rc7 eliminates this vulnerability. Applying the patch adcde2872f8fc399b249758ae1990dcd53b694ea/974e3fe0ac61de85015bbe5a4990cf4127b304b2 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the databases at Tenable (233479) and CERT Bund (WID-SEC-2025-0119). If you want to get best quality of vulnerability data, you may have to visit VulDB.

Affected

• Debian Linux
• Amazon Linux 2
• Red Hat Enterprise Linux
• Ubuntu Linux
• SUSE Linux
• Oracle Linux
• RESF Rocky Linux
• Dell NetWorker
• Dell Avamar
• Dell PowerProtect Data Domain
• Open Source Linux Kernel
• Dell Secure Connect Gateway

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 6.12.0
• 6.12.1
• 6.12.2
• 6.12.3
• 6.12.4
• 6.12.5
• 6.12.6
• 6.12.7
• 6.12.8
• 6.12.9
• 6.13-rc1
• 6.13-rc2
• 6.13-rc3
• 6.13-rc4
• 6.13-rc5
• 6.13-rc6

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion