PT-2024-3412 · Linux+4 · Linux Kernel+4

Published

2024-02-29

·

Updated

2026-03-14

·

CVE-2024-26792

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to a double free of an anonymous device in the btrfs filesystem when creating a snapshot. This can occur when there is an error committing the transaction, resulting in the second free potentially freeing an anonymous device number that was allocated by another subsystem or btrfs filesystem. The vulnerability is triggered by a sequence of steps involving the allocation of an anonymous device number, calling btrfs commit transaction, and freeing the device number. A report from syzbot includes a trace showing an attempt to free an unallocated anonymous device number.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

AZL-54536
BDU:2024-03684
CVE-2024-26792
DSA-5658-1
OESA-2024-1619
OESA-2024-1620
OESA-2024-1621
OESA-2024-1622
OPENSUSE-SU-2024_1641-1
OPENSUSE-SU-2024_1644-1
OPENSUSE-SU-2024_1659-1
OPENSUSE-SU-2024_1663-1
SUSE-SU-2024:1641-1
SUSE-SU-2024:1644-1
SUSE-SU-2024:1647-1
SUSE-SU-2024:1659-1
SUSE-SU-2024:1663-1
USN-6820-1
USN-6820-2
USN-6821-1
USN-6821-2
USN-6821-3
USN-6821-4
USN-6828-1
USN-6871-1
USN-6892-1
USN-6895-1
USN-6895-2
USN-6895-3
USN-6895-4
USN-6900-1
USN-6919-1

Affected Products

Debian
Linuxmint
Linux Kernel
Suse
Ubuntu