1. Home
  2. Vulnerabilities
  3. CVE-2024-38582
5.3
MEDIUM CVSS 3.1
CVE-2024-38582
nilfs2: fix potential hang in nilfs_detach_log_writer()
Description

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential hang in nilfs_detach_log_writer() Syzbot has reported a potential hang in nilfs_detach_log_writer() called during nilfs2 unmount. Analysis revealed that this is because nilfs_segctor_sync(), which synchronizes with the log writer thread, can be called after nilfs_segctor_destroy() terminates that thread, as shown in the call trace below: nilfs_detach_log_writer nilfs_segctor_destroy nilfs_segctor_kill_thread --> Shut down log writer thread flush_work nilfs_iput_work_func nilfs_dispose_list iput nilfs_evict_inode nilfs_transaction_commit nilfs_construct_segment (if inode needs sync) nilfs_segctor_sync --> Attempt to synchronize with log writer thread *** DEADLOCK *** Fix this issue by changing nilfs_segctor_sync() so that the log writer thread returns normally without synchronizing after it terminates, and by forcing tasks that are already waiting to complete once after the thread terminates. The skipped inode metadata flushout will then be processed together in the subsequent cleanup work in nilfs_segctor_destroy().

INFO

Published Date :

June 19, 2024, 2:15 p.m.

Last Modified :

Nov. 4, 2025, 6:16 p.m.

Remotely Exploit :

Yes !

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2024-38582 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 MEDIUM 134c704f-9b21-4f2e-91b3-4a467353bcc0
Solution
Updating the Linux kernel will address a deadlock issue in nilfs2.
  • Update the affected Linux kernel packages.
  • Reboot the system to apply the update.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-38582.

URL Resource
https://git.kernel.org/stable/c/06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd Patch
https://git.kernel.org/stable/c/1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0 Patch
https://git.kernel.org/stable/c/6e5c8e8e024e147b834f56f2115aad241433679b Patch
https://git.kernel.org/stable/c/911d38be151921a5d152bb55e81fd752384c6830 Patch
https://git.kernel.org/stable/c/a8799662fed1f8747edae87a1937549288baca6a Patch
https://git.kernel.org/stable/c/bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3b Patch
https://git.kernel.org/stable/c/c516db6ab9eabbedbc430b4f93b0d8728e9b427f Patch
https://git.kernel.org/stable/c/eb85dace897c5986bc2f36b3c783c6abb8a4292e Patch
https://git.kernel.org/stable/c/eff7cdf890b02596b8d73e910bdbdd489175dbdb Patch
https://git.kernel.org/stable/c/06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd Patch
https://git.kernel.org/stable/c/1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0 Patch
https://git.kernel.org/stable/c/6e5c8e8e024e147b834f56f2115aad241433679b Patch
https://git.kernel.org/stable/c/911d38be151921a5d152bb55e81fd752384c6830 Patch
https://git.kernel.org/stable/c/a8799662fed1f8747edae87a1937549288baca6a Patch
https://git.kernel.org/stable/c/bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3b Patch
https://git.kernel.org/stable/c/c516db6ab9eabbedbc430b4f93b0d8728e9b427f Patch
https://git.kernel.org/stable/c/eb85dace897c5986bc2f36b3c783c6abb8a4292e Patch
https://git.kernel.org/stable/c/eff7cdf890b02596b8d73e910bdbdd489175dbdb Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-38582 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-38582 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-38582 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2024-38582 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 04, 2025

    Action Type Old Value New Value
    Added Reference https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
  • Initial Analysis by [email protected]

    Apr. 01, 2025

    Action Type Old Value New Value
    Added CWE CWE-667
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.9 up to (excluding) 6.9.3 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.8.12 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.33 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.93 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.161 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.219 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 4.19.316 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.278
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0 Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/6e5c8e8e024e147b834f56f2115aad241433679b Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/6e5c8e8e024e147b834f56f2115aad241433679b Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/911d38be151921a5d152bb55e81fd752384c6830 Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/911d38be151921a5d152bb55e81fd752384c6830 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/a8799662fed1f8747edae87a1937549288baca6a Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/a8799662fed1f8747edae87a1937549288baca6a Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3b Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3b Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/c516db6ab9eabbedbc430b4f93b0d8728e9b427f Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/c516db6ab9eabbedbc430b4f93b0d8728e9b427f Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/eb85dace897c5986bc2f36b3c783c6abb8a4292e Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/eb85dace897c5986bc2f36b3c783c6abb8a4292e Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/eff7cdf890b02596b8d73e910bdbdd489175dbdb Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/eff7cdf890b02596b8d73e910bdbdd489175dbdb Types: Patch
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd
    Added Reference https://git.kernel.org/stable/c/1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0
    Added Reference https://git.kernel.org/stable/c/6e5c8e8e024e147b834f56f2115aad241433679b
    Added Reference https://git.kernel.org/stable/c/911d38be151921a5d152bb55e81fd752384c6830
    Added Reference https://git.kernel.org/stable/c/a8799662fed1f8747edae87a1937549288baca6a
    Added Reference https://git.kernel.org/stable/c/bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3b
    Added Reference https://git.kernel.org/stable/c/c516db6ab9eabbedbc430b4f93b0d8728e9b427f
    Added Reference https://git.kernel.org/stable/c/eb85dace897c5986bc2f36b3c783c6abb8a4292e
    Added Reference https://git.kernel.org/stable/c/eff7cdf890b02596b8d73e910bdbdd489175dbdb
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Nov. 08, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 CISA-ADP AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jul. 15, 2024

    Action Type Old Value New Value
    Removed Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jun. 27, 2024

    Action Type Old Value New Value
    Added Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html [No types assigned]
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jun. 19, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential hang in nilfs_detach_log_writer() Syzbot has reported a potential hang in nilfs_detach_log_writer() called during nilfs2 unmount. Analysis revealed that this is because nilfs_segctor_sync(), which synchronizes with the log writer thread, can be called after nilfs_segctor_destroy() terminates that thread, as shown in the call trace below: nilfs_detach_log_writer nilfs_segctor_destroy nilfs_segctor_kill_thread --> Shut down log writer thread flush_work nilfs_iput_work_func nilfs_dispose_list iput nilfs_evict_inode nilfs_transaction_commit nilfs_construct_segment (if inode needs sync) nilfs_segctor_sync --> Attempt to synchronize with log writer thread *** DEADLOCK *** Fix this issue by changing nilfs_segctor_sync() so that the log writer thread returns normally without synchronizing after it terminates, and by forcing tasks that are already waiting to complete once after the thread terminates. The skipped inode metadata flushout will then be processed together in the subsequent cleanup work in nilfs_segctor_destroy().
    Added Reference kernel.org https://git.kernel.org/stable/c/911d38be151921a5d152bb55e81fd752384c6830 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3b [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/eff7cdf890b02596b8d73e910bdbdd489175dbdb [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/a8799662fed1f8747edae87a1937549288baca6a [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/6e5c8e8e024e147b834f56f2115aad241433679b [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/c516db6ab9eabbedbc430b4f93b0d8728e9b427f [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/eb85dace897c5986bc2f36b3c783c6abb8a4292e [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 5.3
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact