5.5
CVE-2024-50273
- EPSS 0.27%
- Veröffentlicht 19.11.2024 02:16:29
- Zuletzt bearbeitet 03.11.2025 23:17:09
- CVE-Watchlists
- Unerledigt
btrfs: reinitialize delayed ref list after deleting it from the list
In the Linux kernel, the following vulnerability has been resolved: btrfs: reinitialize delayed ref list after deleting it from the list At insert_delayed_ref() if we need to update the action of an existing ref to BTRFS_DROP_DELAYED_REF, we delete the ref from its ref head's ref_add_list using list_del(), which leaves the ref's add_list member not reinitialized, as list_del() sets the next and prev members of the list to LIST_POISON1 and LIST_POISON2, respectively. If later we end up calling drop_delayed_ref() against the ref, which can happen during merging or when destroying delayed refs due to a transaction abort, we can trigger a crash since at drop_delayed_ref() we call list_empty() against the ref's add_list, which returns false since the list was not reinitialized after the list_del() and as a consequence we call list_del() again at drop_delayed_ref(). This results in an invalid list access since the next and prev members are set to poison pointers, resulting in a splat if CONFIG_LIST_HARDENED and CONFIG_DEBUG_LIST are set or invalid poison pointer dereferences otherwise. So fix this by deleting from the list with list_del_init() instead.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.10 < 4.19.324
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.286
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.230
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.172
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.117
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.61
Linux ≫ Linux Kernel Version >= 6.7 < 6.11.8
Linux ≫ Linux Kernel Version6.12 Updaterc1
Linux ≫ Linux Kernel Version6.12 Updaterc2
Linux ≫ Linux Kernel Version6.12 Updaterc3
Linux ≫ Linux Kernel Version6.12 Updaterc4
Linux ≫ Linux Kernel Version6.12 Updaterc5
Linux ≫ Linux Kernel Version6.12 Updaterc6
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.187 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-908 Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.
https://git.kernel.org/stable/c/2cb1a73d1d44a1c11b0ee5eeced765dd80ec48e6
https://git.kernel.org/stable/c/2fd0948a483e9cb2d669c7199bc620a21c97673d
https://git.kernel.org/stable/c/50a3933760b427759afdd23156a7280a19357a92
https://git.kernel.org/stable/c/93c5b8decc0ef39ba84f4211d2db6da0a4aefbeb
https://git.kernel.org/stable/c/bf0b0c6d159767c0d1c21f793950d78486690ee0
https://git.kernel.org/stable/c/c24fa427fc0ae827b2a3a07f13738cbf82c3f851
https://git.kernel.org/stable/c/c9a75ec45f1111ef530ab186c2a7684d0a0c9245
https://git.kernel.org/stable/c/f04be6d68f715c1473a8422fc0460f57b5e99931
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html