{"btrfs vulnerability","user-after-free fix","version 5.16"}
CVE-2024-50217

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 November 2024

What is CVE-2024-50217?

A use-after-free vulnerability has been identified in the Linux kernel's Btrfs file system. This issue arises when two images with the same fsid but different dev_uuids are mounted concurrently. Specifically, the problem occurs during the processing of block device files, where certain operations can lead to accessing a freed variable, jeopardizing system stability. The bug is triggered when btrfs devices are scanned and mounted in a specific sequence, potentially allowing attackers to exploit the flaw to cause unpredictable behavior. The vulnerability has been addressed by ensuring that the 'device->bdev_file' is reset to NULL after the closure of btrfs devices, preventing unauthorized memory access.

Affected Version(s)

Linux 142388194191a3edc9ba01cfcfd8b691e0971fb2 < 47a83f8df39545f3f552bb6a1b6d9c30e37621dd

Linux 142388194191a3edc9ba01cfcfd8b691e0971fb2

Linux 4.8

References

https://git.kernel.org/stable/c/47a83f8df39545f3f552bb6a1...

https://git.kernel.org/stable/c/aec8e6bf839101784f3ef037d...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 9, 2024
Vulnerability Reserved
Oct 21, 2024