PT-2024-27935 · Linux+3 · Linux Kernel+3
Linus Torvalds +3 · Published 2024-06-25 · Updated 2026-05-26 · CVE-2024-38306
CVSS v3.1: 4.7 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.8
Description
The Linux kernel has a vulnerability that can cause rare kernel crashes due to bad page status error messages. This issue is caused by a race condition between thread A allocating an extent buffer and thread B releasing a page, leading to a refcount underflow and eventually causing a `BUG_ON()` on the `page->mapping`. The condition is not easy to hit and requires specific circumstances, such as the release being triggered for the middle page of an extent buffer. The vulnerability was introduced by a commit that changed the sequence of allocating a new extent buffer.
Recommendations
To resolve this issue, update the Linux kernel to a version that includes the fix, which moves all the code requiring `i_private_lock` into `attach_eb_folio_to_filemap()`, ensuring proper lock protection. Additionally, an extra `lockdep_assert_locked()` has been added to prevent future problems. As a temporary workaround, consider disabling the `alloc_extent_buffer()` function until a patch is available. Restrict access to the vulnerable btrfs module to minimize the risk of exploitation. Avoid using the `folio_detach_private()` function in the affected API endpoint until the issue is resolved.
Exploit
Fix
Assertion Failure
Race Condition
Related Identifiers
Affected Products
Astra Linux
Linuxmint
Linux Kernel
Ubuntu