CVE-2024-50273

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A vulnerability in the Linux kernel has been resolved, related to the btrfs file system. The issue occurs when updating the action of an existing reference to BTRFS DROP DELAYED REF, which deletes the reference from its list using list del(). This leaves the reference's add list member not reinitialized, causing a crash when drop delayed ref() is called later. The crash happens because list empty() returns false due to the list not being reinitialized after list del(), leading to an invalid list access. This results in a splat if CONFIG LIST HARDENED and CONFIG DEBUG LIST are set, or invalid poison pointer dereferences otherwise.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.