PT-2024-33714 · Linux · Linux Kernel

David Arendt · Published 2024-10-01 · Updated 2025-02-28 · CVE-2024-49869

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.11.2
Description: A buffer overflow vulnerability has been identified in the Linux kernel, specifically in the btrfs send functionality. The issue arises from incorrect handling of the name array in the name cache entry structure, which causes the kernel's overflow detection to trigger. This vulnerability can be exploited to potentially cause a denial of service or execute arbitrary code. The estimated number of potentially affected devices is not specified.
Technical details: the name array of the cache entry is annotated with the __counted_by() attribute, which is intended to improve overflow detection by tying the array's bound to a length field. However, the number of bytes written into the name array does not match the name_len field, because strcpy() is used to copy the path into the cache entry and strcpy() also writes the terminating NUL byte. A fortified kernel therefore reports a buffer overflow. To fix this issue, the name array field should be marked as nonstring and memcpy() should be used instead of strcpy().
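The length mismatch described above, as an added illustration written for this page (not code from the kernel or from the advisory): a simplified stand-in for the cache entry structure, a helper that applies the same bound a __counted_by()-fortified build enforces, and the byte counts a strcpy()-style copy and a memcpy()-style copy produce for the same path. The struct layout, function names and the sample path are constructed assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Simplified, constructed stand-in for the kernel's name cache entry.
 * In the kernel the flexible array is annotated __counted_by(name_len),
 * so a fortified build treats name_len as the exact capacity of name[]. */
struct name_cache_entry {
    int name_len;  /* path length WITHOUT a NUL terminator */
    char name[];   /* holds exactly name_len bytes; not a C string (nonstring) */
};

/* Emulates the fortify bound check: a copy of n bytes into name[]
 * must not exceed the counted bound name_len. */
bool copy_fits_counted_bound(const struct name_cache_entry *e, size_t n)
{
    return n <= (size_t)e->name_len;
}

/* Bytes strcpy() writes for a path: its characters plus the NUL terminator.
 * This is the "before" behaviour: one byte more than name_len allows. */
size_t bytes_written_by_strcpy(const char *path)
{
    return strlen(path) + 1;
}

/* Bytes the fixed code writes with memcpy(): exactly name_len, no terminator. */
size_t bytes_written_by_memcpy(const char *path)
{
    return strlen(path);
}

/* Build an entry the way the fix does: size the allocation by name_len and
 * memcpy() the path without a terminator. Returns NULL on allocation failure. */
struct name_cache_entry *name_cache_entry_create(const char *path)
{
    size_t len = strlen(path);
    struct name_cache_entry *e = malloc(sizeof(*e) + len);
    if (!e)
        return NULL;
    e->name_len = (int)len;
    memcpy(e->name, path, len);
    return e;
}

/* Because name[] is not NUL-terminated, readers compare by length, never with strcmp(). */
bool name_cache_entry_matches(const struct name_cache_entry *e, const char *path)
{
    size_t len = strlen(path);
    return len == (size_t)e->name_len && memcmp(e->name, path, len) == 0;
}
```

The strcpy() count exceeds the counted bound by exactly one byte for every path, which is the condition the fortified kernel reports.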
Recommendations: To resolve this issue, upgrade the Linux kernel to a version later than 6.11.2. As a temporary workaround, consider disabling the btrfs send functionality until a patch is available. Restrict access to the btrfs module to minimize the risk of exploitation. Avoid code paths that use the name array of the affected cache entry until the issue is resolved.

Weakness Enumeration

Buffer Overflow

Related Identifiers

BDU:2025-07525
CVE-2024-49869
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2025:14705-1
USN-7276-1
USN-7277-1
USN-7310-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu