CVE-2024-57924
Description
In the Linux kernel, the following vulnerability has been resolved: fs: relax assertions on failure to encode file handles Encoding file handles is usually performed by a filesystem >encode_fh() method that may fail for various reasons. The legacy users of exportfs_encode_fh(), namely, nfsd and name_to_handle_at(2) syscall are ready to cope with the possibility of failure to encode a file handle. There are a few other users of exportfs_encode_{fh,fid}() that currently have a WARN_ON() assertion when ->encode_fh() fails. Relax those assertions because they are wrong. The second linked bug report states commit 16aac5ad1fa9 ("ovl: support encoding non-decodable file handles") in v6.6 as the regressing commit, but this is not accurate. The aforementioned commit only increases the chances of the assertion and allows triggering the assertion with the reproducer using overlayfs, inotify and drop_caches. Triggering this assertion was always possible with other filesystems and other reasons of ->encode_fh() failures and more particularly, it was also possible with the exact same reproducer using overlayfs that is mounted with options index=on,nfs_export=on also on kernels < v6.6. Therefore, I am not listing the aforementioned commit as a Fixes commit. Backport hint: this patch will have a trivial conflict applying to v6.6.y, and other trivial conflicts applying to stable kernels < v6.6.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | fixed | 6.1.153-1 |
| debian | forky | fixed | 6.12.10-1 |
| debian | sid | fixed | 6.12.10-1 |
| debian | trixie | fixed | 6.12.10-1 |
| debian | bullseye | fixed | 6.1.153-1~deb11u1 |
| linux-kernel | affected | 6.1.151 | |
| linux-kernel | 6.13 | affected | |
References
- https://git.kernel.org/stable/c/73697928c806fe4689939722184a86fc1c1957b4
- https://git.kernel.org/stable/c/974e3fe0ac61de85015bbe5a4990cf4127b304b2
- https://git.kernel.org/stable/c/adcde2872f8fc399b249758ae1990dcd53b694ea
- https://git.kernel.org/stable/c/f47c834a9131ae64bee3c462f4e610c67b0a000f
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://cert-portal.siemens.com/productcert/html/ssa-032379.html
- https://cert-portal.siemens.com/productcert/html/ssa-082556.html
- https://www.suse.com/security/cve/CVE-2024-57924.html
- https://security-tracker.debian.org/tracker/CVE-2024-57924
CWEs
CWE-617
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.