Skip to main content

Linux CVE-2024-42079

MEDIUM
NULL Pointer Dereference (CWE-476)
2024-07-29 416baaa9-dc9f-4396-8d5f-8c081fb06d67
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 17, 2026 - 20:45 vuln.today
Patch released
Mar 17, 2026 - 20:45 nvd
Patch available
CVE Published
Jul 29, 2024 - 16:15 nvd
MEDIUM 5.5

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

gfs2: Fix NULL pointer dereference in gfs2_log_flush

In gfs2_jindex_free(), set sdp->sd_jdesc to NULL under the log flush lock to provide exclusion against gfs2_log_flush().

In gfs2_log_flush(), check if sdp->sd_jdesc is non-NULL before dereferencing it. Otherwise, we could run into a NULL pointer dereference when outstanding glock work races with an unmount (glock_work_func -> run_queue -> do_xmote -> inode_go_sync -> gfs2_log_flush).

AnalysisAI

This is a null pointer dereference vulnerability in the Linux kernel's GFS2 (Global File System 2) subsystem that occurs during the log flush operation when a race condition exists between glock work and filesystem unmount. An unprivileged local attacker can trigger this vulnerability to cause a kernel panic and denial of service by timing glock operations to race with unmount, exploiting the fact that sdp->sd_jdesc is dereferenced without null checks. The vulnerability has patches available from the Linux kernel development team across multiple stable branches, and while the EPSS score is very low (0.05%), the impact is a complete system availability disruption through kernel crash.

Technical ContextAI

The vulnerability exists in the GFS2 filesystem implementation, a shared-disk cluster filesystem used in Linux (CPE: cpe:2.3:o:linux:linux_kernel). The root cause is classified as CWE-476 (NULL Pointer Dereference) combined with a race condition in the gfs2_log_flush() function. The issue arises from inadequate synchronization between gfs2_jindex_free() which deallocates the journal index descriptor (sdp->sd_jdesc) and gfs2_log_flush() which may attempt to dereference it. The kernel's glock (Global Lock) subsystem triggers inode_go_sync() during lock transitions, which invokes gfs2_log_flush(). Without proper locking mechanisms and null checks, concurrent execution of unmount operations (setting sdp->sd_jdesc to NULL) and glock work (dereferencing sdp->sd_jdesc) creates a classic use-after-free/null-dereference window. The fix involves setting sdp->sd_jdesc to NULL under the log flush lock to provide mutual exclusion and adding explicit null pointer checks before dereferencing.

RemediationAI

Apply the kernel security patch immediately by updating the Linux kernel to a version containing one of the fixes committed at git.kernel.org/stable with commit hashes 3429ef5f50909cee9e498c50f0c499b9397116ce, 35264909e9d1973ab9aaa2a1b07cda70f12bb828, 5f6a84cfb33b34610623857bd93919dcb661e29b, c3c5cfa3170c0940bc66a142859caac07d19b9d6, or f54f9d5368a4e92ede7dd078a62788dae3a7c6ef. For enterprise systems, work with your distribution vendor (Red Hat, Canonical, SUSE, Debian) to obtain backported kernels through their respective security channels. Until patching is feasible, minimize the risk by avoiding unmount operations on GFS2 filesystems during periods of active I/O and glock contention; however, this is not a reliable mitigation and patching should be prioritized. For clusters, perform rolling kernel updates to ensure high availability while patches are deployed.

Share

CVE-2024-42079 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy