CVE-2022-49079

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.17.0-rc6

Description A deadlock vulnerability has been identified in the Linux kernel, specifically in the btrfs file system. The issue arises when the btrfs can activate zone() function is called while holding the device list mutex, leading to a potential deadlock. This occurs because insert dev extents() takes the device list mutex and then calls btrfs can activate zone(), which attempts to acquire the same lock again. To resolve this, the kernel can use fs devices->alloc list protected by the chunk mutex to traverse the list of active devices instead of using the RCU on fs devices->device list.

Recommendations As a temporary workaround, consider disabling the btrfs can activate zone() function until a patch is available. Restrict access to the device list mutex to minimize the risk of exploitation. Avoid using the device list in the affected code paths until the issue is resolved. Update to a version of the Linux kernel that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.