Toralf Förster

#50362 of 53,633
4.7 Total CVSS
Vulnerabilities · 1
PT-2024-27935
4.7
2024-06-25
Linux · Linux Kernel · CVE-2024-38306
**Name of the Vulnerable Software and Affected Versions**

Linux kernel versions prior to 6.8

**Description**

The Linux kernel has a vulnerability that can cause rare kernel crashes due to bad page status error messages. This issue is caused by a race condition between thread A allocating an extent buffer and thread B releasing a page, leading to a refcount underflow and eventually causing a `BUG_ON()` on `page->mapping`. The condition is not easy to hit and requires specific circumstances, such as the release being triggered for the middle page of an extent buffer. The vulnerability was introduced by a commit that changed the sequence of allocating a new extent buffer.

**Recommendations**

To resolve this issue, update the Linux kernel to a version that includes the fix, which moves all the code requiring `i_private_lock` into `attach_eb_folio_to_filemap()`, ensuring proper lock protection. Additionally, an extra `lockdep_assert_locked()` has been added to prevent future problems.

As a temporary workaround, consider disabling the `alloc_extent_buffer()` function until a patch is available. Restrict access to the vulnerable `btrfs` module to minimize the risk of exploitation. Avoid using the `folio_detach_private()` function in the affected API endpoint until the issue is resolved.