LiveActive security incident?Get immediate response
CVE Record

CVE-2024-26685: nilfs2: fix potential bug in end_buffer_async_write

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async_write flag and cause a BUG_ON failure when using nilfs2. Nilfs2 itself does not use end_buffer_async_write(). But, the async_write flag is now used as a marker by commit 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") as a means of resolving double list insertion of dirty blocks in nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the resulting crash. This modification is safe as long as it is used for file data and b-tree node blocks where the page caches are independent. However, it was irrelevant and redundant to also introduce async_write for segment summary and super root blocks that share buffers with the backing device. This led to the possibility that the BUG_ON check in end_buffer_async_write would fail as described above, if independent writebacks of the backing device occurred in parallel. The use of async_write for segment summary buffers has already been removed in a previous change. Fix this issue by removing the manipulation of the async_write flag for the remaining super root block buffer.

MediumCVSS 5.5Not KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

This is a Linux kernel reliability issue in nilfs2. A local user can potentially trigger a kernel BUG condition during writeback, causing system availability impact. The source bundle does not show data theft, privilege escalation, remote access, or confirmed active exploitation.

Executive priority

Handle through normal kernel patch management, with higher priority for multi-user Linux servers where availability matters. This is not shown as remotely exploitable or actively exploited in the provided sources, but it can still cause disruptive local denial of service.

Technical view

The bug involves nilfs2 use of the buffer async_write flag on super root block buffers that share backing-device buffers. Parallel backing-device writeback could make end_buffer_async_write() detect an abnormal async_write state and hit BUG_ON. CVSS rates it local, low complexity, low privilege, no user interaction, availability-only impact.

Likely exposure

Exposure is most relevant to Linux systems running affected kernel versions where nilfs2 is present or used, especially shared or multi-user systems. The bundle lists affected Linux kernel ranges and multiple stable fixes, but does not identify specific distributions beyond Debian LTS advisories.

Exploitation context

The CVSS vector requires local access and low privileges. The provided sources do not indicate remote exploitation or inclusion in CISA KEV. Treat exploitation status as unconfirmed unless your vendor or telemetry shows otherwise.

Researcher notes

Key evidence is the upstream kernel description: nilfs2 reused async_write as a marker, but super root buffers share backing-device buffers, creating a race with independent writeback. The resolved change removes async_write manipulation for the remaining super root block buffer.

Mitigation direction

  • Update to a vendor kernel containing the relevant stable nilfs2 fix.
  • Review Debian LTS advisories if running affected Debian kernel packages.
  • Prioritize multi-user systems where local users can reach filesystem paths.
  • If no update is available, check vendor guidance before changing nilfs2 configuration.

Validation and detection

  • Inventory Linux kernel versions against the affected and fixed ranges in the CVE record.
  • Confirm installed kernel packages include the referenced stable fix commits.
  • Check whether nilfs2 support is enabled or used on important hosts.
  • Review kernel logs for BUG_ON or end_buffer_async_write-related crashes.
Prepared
Confidence
high
Sources
12

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-26685 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Medium
CVSS
5.5 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
3Timeline events
2ADP providers
11Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
5.5CVSS 3.1MediumCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H1.83.6CISA-ADP

Vulnerability scoring details

Base CVSS 3.1 score

5.5Medium
CVSS 3.1 vector shape for CVE-2024-26685Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
cvssV3_1other:ssvc
CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux7f42ec3941560f0902fe3671e36f2c20ffd3af0a, 7f42ec3941560f0902fe3671e36f2c20ffd3af0a, 7f42ec3941560f0902fe3671e36f2c20ffd3af0a, 7f42ec3941560f0902fe3671e36f2c20ffd3af0a, 7f42ec3941560f0902fe3671e36f2c20ffd3af0a, 7f42ec3941560f0902fe3671e36f2c20ffd3af0a, 7f42ec3941560f0902fe3671e36f2c20ffd3af0a, 7f42ec3941560f0902fe3671e36f2c20ffd3af0a, ccebcc74c81d8399c7b204aea47c1f33b09c2b17, 831c87640d23ccb253a02e4901bd9a325b5e8c2d, d8974c7fe717ee8fb0706e35cc92e0bcdf660ec5, 8f67918af09fc0ffd426a9b6f87697976d3fbc7b, 3.2.52, 3.4.83, 3.10.16, 3.11.5unaffected
LinuxLinux3.12, 0, 4.19.307, 5.4.269, 5.10.210, 5.15.149, 6.1.79, 6.6.18, 6.7.6, 6.8affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.