PT-2024-8241 · Linux+4 · Linux Kernel+4
Filipe Manana · Published 2024-09-17 · Updated 2025-04-01 · CVE-2024-47741
CVSS v3.1: 7.0 High
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.58
Description:
The issue is related to a race condition in the btrfs file system, specifically in the find_desired_extent() function. When multiple threads access the same file descriptor concurrently, a memory leak can occur due to the allocation of private structures by each thread. This can lead to a use-after-free problem, as one thread may free the structure while another is still using it. The issue arises from the shared use of the same cached state record in the private structure, which can result in incorrect results. The problem is fixed by protecting the private assignment and check of a file while holding the inode's spinlock and keeping track of the task that allocated the private.
Recommendations:
For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider restricting concurrent access to the same file descriptor to minimize the risk of exploitation. Additionally, avoid using the lseek system call with SEEK_DATA or SEEK_HOLE flags on the same file descriptor from multiple threads.
Exploit
Fix
Use After Free
Memory Leak
Race Condition
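The locking pattern named in the description, shown as an added user-space model. It is not the kernel patch or code from this page. The struct names, the pthread mutex standing in for the inode's spinlock, and the helper functions are all assumptions made for illustration.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>
#define NTHREADS 8
/* Hypothetical user-space model: the mutex stands in for the inode spinlock. */
struct file_private { pthread_t owner; int cached_state; };
struct file_model { pthread_mutex_t lock; struct file_private *private_data; };
static struct file_model shared = { PTHREAD_MUTEX_INITIALIZER, NULL };
static atomic_int live_allocs;          /* allocations not yet freed */

/* Check and assign private_data only while holding the lock. */
static struct file_private *get_private(struct file_model *f)
{
    pthread_mutex_lock(&f->lock);
    struct file_private *p = f->private_data;
    pthread_mutex_unlock(&f->lock);
    if (p)
        return p;
    struct file_private *mine = calloc(1, sizeof(*mine)); /* outside the lock */
    if (!mine)
        return NULL;
    mine->owner = pthread_self();       /* record the allocating thread */
    atomic_fetch_add(&live_allocs, 1);
    pthread_mutex_lock(&f->lock);
    if (!f->private_data)
        f->private_data = mine;         /* won the race: publish */
    p = f->private_data;
    pthread_mutex_unlock(&f->lock);
    if (p != mine) {                    /* lost the race: free our copy */
        free(mine);
        atomic_fetch_sub(&live_allocs, 1);
    }
    return p;
}

/* Only the allocating thread may use the cached state record. */
static int may_use_cache(const struct file_private *p) { return pthread_equal(p->owner, pthread_self()); }
static void *worker(void *out) { *(void **)out = get_private(&shared); return NULL; }

/* Race NTHREADS threads on one file: live allocations, or -1 on mismatch. */
static int run_threads(void)
{
    pthread_t t[NTHREADS]; void *seen[NTHREADS]; int n = 0;
    while (n < NTHREADS && !pthread_create(&t[n], NULL, worker, &seen[n])) n++;
    for (int i = 0; i < n; i++) pthread_join(t[i], NULL);
    for (int i = 1; i < n; i++) if (seen[i] != seen[0]) return -1;
    return atomic_load(&live_allocs);
}

int main(void) { return (run_threads() == 1 && !may_use_cache(shared.private_data)) ? 0 : 1; }
```

Without the second locked check, each racing thread would overwrite private_data with its own allocation, which is the leak and shared-state confusion the description refers to.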
Affected Products
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu