PT-2024-8436 · Linux+7 · Linux Kernel+7
Filipe Manana · Published 2024-03-05 · Updated 2025-03-28
CVE-2024-27080
| CVSS v3.1 | 4.7 (Medium) |
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to a race condition in the btrfs file system when detecting delalloc ranges during fiemap. This can lead to missing delalloc ranges for file regions that are currently holes, causing the caller of fiemap to be unaware of data in some file regions. This can be serious for use cases like the cp program in coreutils versions before 9.0, which used fiemap to detect holes and data in the source file. If cp was used with a source file that had delalloc in a hole, the destination file could end up without that data, resulting in a data loss issue.
Technical details about exploitation include:
- The `fiemap` function is called without the `FIEMAP_FLAG_SYNC` flag for a file with delalloc in a range that is currently a hole.
- The `fiemap` function locks the inode in shared mode and iterates the inode's subvolume tree searching for file extent items without having the whole fiemap target range locked in the inode's io tree.
- The `btrfs_find_delalloc_in_range()` function is used to search for delalloc by checking for the `EXTENT_DELALLOC` bit in the io tree for the range and ordered extents.
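The following is an added example, not code from this advisory or from the kernel tree. It is a C helper that asks FIEMAP whether one byte offset is mapped, so a caller can compare the answer without flags against the answer with `FIEMAP_FLAG_SYNC`, which makes the kernel write the file back before mapping extents. The helper names, the `/tmp` path and the constructed sparse file are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/fs.h>      /* FS_IOC_FIEMAP */
#include <linux/fiemap.h>  /* struct fiemap, FIEMAP_FLAG_SYNC */
#define MAX_EXT 8

/* 1: FIEMAP reports an extent covering byte `off`; 0: it reports a hole there;
 * -1: the ioctl failed (bad fd, or a filesystem without FIEMAP support). */
int fiemap_covers(int fd, unsigned long long off, unsigned int flags)
{
    struct fiemap *fm = calloc(1, sizeof *fm + MAX_EXT * sizeof(struct fiemap_extent));
    int hit = 0;
    if (!fm) return -1;
    fm->fm_start = off; fm->fm_length = 1;  /* only the byte being checked */
    fm->fm_flags = flags;                   /* 0, or FIEMAP_FLAG_SYNC: write back first */
    fm->fm_extent_count = MAX_EXT;
    if (ioctl(fd, FS_IOC_FIEMAP, fm) < 0) { free(fm); return -1; }
    for (unsigned i = 0; i < fm->fm_mapped_extents; i++) {
        struct fiemap_extent *e = &fm->fm_extents[i];
        if (e->fe_logical <= off && off < e->fe_logical + e->fe_length) hit = 1;
    }
    free(fm);
    return hit;
}

/* Constructed input: 1 MiB sparse file with 4 KiB written at data_off and no
 * fsync, so on a delalloc filesystem the data is still dirty page cache. */
int make_dirty_hole_file(unsigned long long data_off)
{
    char path[] = "/tmp/fiemap-demo-XXXXXX", buf[4096] = "constructed sample data";
    int fd = mkstemp(path);                 /* /tmp is an assumed location */
    if (fd < 0) return -1;
    unlink(path);
    if (ftruncate(fd, 1 << 20) == 0 &&
        pwrite(fd, buf, sizeof buf, (off_t)data_off) == (ssize_t)sizeof buf)
        return fd;
    close(fd); return -1;
}

int main(void)
{
    unsigned long long off = 512 * 1024;
    int fd = make_dirty_hole_file(off);
    if (fd < 0) return 1;
    printf("no flags: %d\n", fiemap_covers(fd, off, 0));
    printf("FIEMAP_FLAG_SYNC: %d\n", fiemap_covers(fd, off, FIEMAP_FLAG_SYNC));
    return close(fd);
}
```

A 0 from the unflagged call next to a 1 from the `FIEMAP_FLAG_SYNC` call would be the kind of missed delalloc range the description refers to. Because the issue is a race, a run where both calls agree does not show that a kernel is unaffected.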
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Locking
Race Condition
Related Identifiers
Affected Products
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu
Btrfs
Coreutils