PT-2022-7614 · Linux+3 · Linux Kernel+3

Published: 2022-03-02 · Updated: 2026-03-14 · CVE-2022-48901

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to commit 5e70bc8

Description

The vulnerability is in the btrfs file system in the Linux kernel. It occurs when a pending balance is waiting to acquire the cleaner mutex while a snapshot deletion is running, and the system then crashes, resulting in a half-deleted snapshot. This can lead to errors when looking up extent items. The fix sets a bit on the fs info if there are any DEAD ROOTs that had a pending drop progress key, so that balance waits until this flag is cleared before starting up again.

Recommendations

To resolve the issue, update the Linux kernel to a version released after March 8, 2022, which includes the fix for this vulnerability. Ensure that all systems using the btrfs file system are updated to prevent potential exploits.

Exploit

Fix

Improper Locking

Weakness Enumeration

Related Identifiers

BDU:2024-07458
CVE-2022-48901
OESA-2024-2123
OESA-2024-2125
OESA-2024-2126
OPENSUSE-SU-2024_3249-1
OPENSUSE-SU-2024_3587-1
OPENSUSE-SU-2024_3592-1
SUSE-SU-2024:3225-1
SUSE-SU-2024:3249-1
SUSE-SU-2024:3499-1
SUSE-SU-2024:3569-1
SUSE-SU-2024:3587-1
SUSE-SU-2024:3592-1
SUSE-SU-2024_3569-1
SUSE-SU-2024_3587-1
SUSE-SU-2024_3592-1

Affected Products

Debian
Linux Kernel
Red Os
Suse