Linux
CVE-2024-42079
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionNVD
In the Linux kernel, the following vulnerability has been resolved:
gfs2: Fix NULL pointer dereference in gfs2_log_flush
In gfs2_jindex_free(), set sdp->sd_jdesc to NULL under the log flush lock to provide exclusion against gfs2_log_flush().
In gfs2_log_flush(), check if sdp->sd_jdesc is non-NULL before dereferencing it. Otherwise, we could run into a NULL pointer dereference when outstanding glock work races with an unmount (glock_work_func -> run_queue -> do_xmote -> inode_go_sync -> gfs2_log_flush).
AnalysisAI
This is a null pointer dereference vulnerability in the Linux kernel's GFS2 (Global File System 2) subsystem that occurs during the log flush operation when a race condition exists between glock work and filesystem unmount. An unprivileged local attacker can trigger this vulnerability to cause a kernel panic and denial of service by timing glock operations to race with unmount, exploiting the fact that sdp->sd_jdesc is dereferenced without null checks. The vulnerability has patches available from the Linux kernel development team across multiple stable branches, and while the EPSS score is very low (0.05%), the impact is a complete system availability disruption through kernel crash.
Technical ContextAI
The vulnerability exists in the GFS2 filesystem implementation, a shared-disk cluster filesystem used in Linux (CPE: cpe:2.3:o:linux:linux_kernel). The root cause is classified as CWE-476 (NULL Pointer Dereference) combined with a race condition in the gfs2_log_flush() function. The issue arises from inadequate synchronization between gfs2_jindex_free() which deallocates the journal index descriptor (sdp->sd_jdesc) and gfs2_log_flush() which may attempt to dereference it. The kernel's glock (Global Lock) subsystem triggers inode_go_sync() during lock transitions, which invokes gfs2_log_flush(). Without proper locking mechanisms and null checks, concurrent execution of unmount operations (setting sdp->sd_jdesc to NULL) and glock work (dereferencing sdp->sd_jdesc) creates a classic use-after-free/null-dereference window. The fix involves setting sdp->sd_jdesc to NULL under the log flush lock to provide mutual exclusion and adding explicit null pointer checks before dereferencing.
RemediationAI
Apply the kernel security patch immediately by updating the Linux kernel to a version containing one of the fixes committed at git.kernel.org/stable with commit hashes 3429ef5f50909cee9e498c50f0c499b9397116ce, 35264909e9d1973ab9aaa2a1b07cda70f12bb828, 5f6a84cfb33b34610623857bd93919dcb661e29b, c3c5cfa3170c0940bc66a142859caac07d19b9d6, or f54f9d5368a4e92ede7dd078a62788dae3a7c6ef. For enterprise systems, work with your distribution vendor (Red Hat, Canonical, SUSE, Debian) to obtain backported kernels through their respective security channels. Until patching is feasible, minimize the risk by avoiding unmount operations on GFS2 filesystems during periods of active I/O and glock contention; however, this is not a reliable mitigation and patching should be prioritized. For clusters, perform rolling kernel updates to ensure high availability while patches are deployed.
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today