PT-2024-8423 · Linux+3 · Linux Kernel+3

Published: 2024-01-11 · Updated: 2025-09-19 · CVE-2023-52668

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.7.2

Description

The vulnerability is caused by incorrect lock ordering in the btrfs_zone_activate() function, which can lead to a deadlock. The btrfs CI detected the issue when running generic/129, which produced a lockdep warning about a possible circular locking dependency: a task tries to acquire a lock while already holding another lock that depends on the new lock, reversing the existing dependency chain. The problem arises because fs_info->zone_active_bgs_lock is taken after a block group's lock in btrfs_zone_activate(), while the opposite order is used in other places. Exploitation of this vulnerability can lead to system unavailability.

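The reversed dependency chain described above can be modeled with a small lock-order graph. This is an added example, not kernel or lockdep code: the graph structure, the function names and the three acquisition sequences are constructed for illustration, with only the two lock names taken from the description. check_activate_order() returns 0 when the activate path agrees with the order used elsewhere.

```c
#include <stdbool.h>
#include <string.h>

/* Lock classes named after the two locks in the description (model only). */
enum { ZONE_ACTIVE_BGS_LOCK, BLOCK_GROUP_LOCK, NCLASS };

/* edge[a][b] is set once b has been acquired while a was held. */
struct order_graph { bool edge[NCLASS][NCLASS]; };

/* True if 'to' is reachable from 'from' through recorded dependencies. */
static bool reaches(const struct order_graph *g, int from, int to, bool *seen)
{
    if (from == to)
        return true;
    seen[from] = true;
    for (int n = 0; n < NCLASS; n++)
        if (g->edge[from][n] && !seen[n] && reaches(g, n, to, seen))
            return true;
    return false;
}

/* Replay one path's nested acquisitions; count those that reverse an order
 * already in the graph (the "possible circular locking dependency" case). */
static int replay_path(struct order_graph *g, const int *seq, int len)
{
    int inversions = 0;
    for (int i = 1; i < len; i++)
        for (int h = 0; h < i; h++) {        /* every lock still held */
            bool seen[NCLASS] = { false };
            if (reaches(g, seq[i], seq[h], seen))
                inversions++;                /* new edge would close a cycle */
            else
                g->edge[seq[h]][seq[i]] = true;
        }
    return inversions;
}

/* Constructed sequences: the order used elsewhere, then two activate orders. */
static const int other_paths[]   = { ZONE_ACTIVE_BGS_LOCK, BLOCK_GROUP_LOCK };
static const int activate_bad[]  = { BLOCK_GROUP_LOCK, ZONE_ACTIVE_BGS_LOCK };
static const int activate_good[] = { ZONE_ACTIVE_BGS_LOCK, BLOCK_GROUP_LOCK };

int check_activate_order(const int *activate_seq)
{
    struct order_graph g;
    memset(&g, 0, sizeof(g));
    replay_path(&g, other_paths, 2);         /* record the existing chain */
    return replay_path(&g, activate_seq, 2); /* then test the activate path */
}
```
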
Recommendations

To resolve the issue, upgrade the Linux kernel to version 6.7.2 or later. As a temporary workaround, consider disabling the btrfs_zone_activate() function until a patch is available. However, this may have significant performance implications and should be carefully considered before implementation. At the moment, there is no information about other versions that contain a fix for this vulnerability.

Weakness Enumeration

Improper Locking

Related Identifiers

BDU:2024-09982
CVE-2023-52668
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3383-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1

Affected Products

Astra Linux
Linux Kernel
RED OS
SUSE