PT-2024-3389 · Linux+5 · Linux Kernel+5

Published

2024-01-12

·

Updated

2025-02-17

·

CVE-2024-26644

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.7.0-rc6
Description: The vulnerability is related to the btrfs filesystem in the Linux kernel. When attempting to snapshot a deleted subvolume, the create pending snapshot() function initializes the new root item as a copy of the source root item, including the refs field, which is 0 for a deleted subvolume. This causes the btrfs insert root() function to insert a root with refs == 0, leading to an abort. The issue can be fixed by checking the source root's refs before attempting the snapshot, but after locking subvol sem to avoid racing with deletion.
Recommendations: To resolve the issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, for Linux kernel version 6.7.0-rc6, apply the patch that checks the source root's refs before attempting the snapshot. As a temporary workaround, consider disabling the create pending snapshot() function until a patch is available.

Exploit

Fix

Use of Uninitialized Resource

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-908CWE-354

Related Identifiers

BDU:2024-03661
CVE-2024-26644
DLA-3842-1
DSA-5681-1
OESA-2024-1520
OESA-2024-1524
OESA-2024-1526
OESA-2024-1535
OESA-2024-1536
OESA-2024-1541
OPENSUSE-SU-2024_2372-1
OPENSUSE-SU-2024_2394-1
SUSE-SU-2024:2372-1
SUSE-SU-2024:2394-1
SUSE-SU-2024:2939-1
SUSE-SU-2025:0565-1
USN-6765-1
USN-6766-1
USN-6766-2
USN-6766-3
USN-6795-1
USN-6818-1
USN-6818-2
USN-6818-3
USN-6818-4
USN-6819-1
USN-6819-2
USN-6819-3
USN-6819-4
USN-6828-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu