Linux Kernel Vulnerability in Btrfs Related to Quota Configuration
CVE-2024-57806
Summary
The Btrfs module in the Linux kernel has a vulnerability in the enabling of simple quotas that can lead to assertion failures because of improper transaction handling. When the simple quota feature is enabled, the incompat bit must be set before the transaction is committed so that both flags are persisted together. If it is not, data integrity problems can follow, particularly when the filesystem is unmounted before the transaction is fully persisted. The issue can be reproduced by creating a Btrfs filesystem, enabling quotas, unmounting it, and mounting it again, which exposes the flaw in how the flags are managed. This has security implications because it undermines the reliability of the quota system.
Affected Version(s)
Linux 182940f4f4dbd932776414744c8de64333957725
Linux 6.7