CVE-2024-57896

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74

Description A use-after-free vulnerability in the Linux kernel has been resolved. The issue occurs when the cleaner kthread is stopped during the unmount path, but a worker from the delalloc workers queue may still be running and try to wake up the already destroyed cleaner kthread, resulting in a use-after-free on the task struct. The vulnerability was reported by Syzbot with a stack trace showing the error in lock acquire.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.74 or later. As a temporary workaround, consider disabling the submit compressed extents() function until a patch is available. Restrict access to the vulnerable btrfs work helper() function to minimize the risk of exploitation. Avoid using the btrfs add delayed iput() function in the affected API endpoint until the issue is resolved.