CVE-2024-26726

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.8.0-rc2+

Description The issue arises when the Linux kernel fails to write out the free space cache in one instance and then attempts to write it again. On the second pass, it calls btrfs get extent() on the inode to get the extent mapping, but since this is a new block group and the free space inode always searches the commit root to avoid deadlocking with the tree, it finds nothing and returns a EXTENT MAP HOLE for the requested range. This happens because the first time the kernel tries to write the space cache out, it hits an error and drops the extent mapping, which is normal for normal files but not for the free space cache inode, where the extent map is always expected to be correct. As a result, the second time through, the kernel ends up with a bogus extent map.

Recommendations To resolve this issue, apply the patch that skips dropping the extent map range for the failed range when writing out the free space cache. This patch is already in place for version 6.8.0-rc2+, so updating to this version or later will fix the issue. For versions prior to 6.8.0-rc2+, the specific steps to apply the patch may vary depending on the distribution and configuration of the Linux kernel. It is recommended to consult the distribution's documentation or support channels for guidance on applying the patch.

At the moment, there is no information about other versions that contain a fix for this vulnerability.