CVE-2024-46840

Summary

In the Linux kernel, the following vulnerability has been resolved:

btrfs: clean up our handling of refs == 0 in snapshot delete

In reada we BUG_ON(refs == 0), which could be unkind since we aren't holding a lock on the extent leaf and thus could get a transient incorrect answer. In walk_down_proc we also BUG_ON(refs == 0), which could happen if we have extent tree corruption. Change that to return -EUCLEAN. In do_walk_down() we catch this case and handle it correctly, however we return -EIO, which -EUCLEAN is a more appropriate error code. Finally in walk_up_proc we have the same BUG_ON(refs == 0), so convert that to proper error handling. Also adjust the error message so we can actually do something with the information.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux2c47e605a91dde6b0514f689645e7ab336c8592a < c847b28a799733b04574060ab9d00f215970627daffected
LinuxLinux2c47e605a91dde6b0514f689645e7ab336c8592a < 71291aa7246645ef622621934d2067400380645eaffected
LinuxLinux2c47e605a91dde6b0514f689645e7ab336c8592a < c60676b81fab456b672796830f6d8057058f029caffected
LinuxLinux2c47e605a91dde6b0514f689645e7ab336c8592a < 728d4d045b628e006b48a448f3326a7194c88d32affected
LinuxLinux2c47e605a91dde6b0514f689645e7ab336c8592a < 9cc887ac24b7a0598f4042ae9af6b9a33072f75baffected
LinuxLinux2c47e605a91dde6b0514f689645e7ab336c8592a < 7d1df13bf078ffebfedd361d714ff6cee1ff01b9affected
LinuxLinux2c47e605a91dde6b0514f689645e7ab336c8592a < 03804641ec2d0da4fa088ad21c88e703d151ce16affected
LinuxLinux2c47e605a91dde6b0514f689645e7ab336c8592a < b8ccef048354074a548f108e51d0557d6adfd3a3affected
LinuxLinux2.6.31affected
LinuxLinux0 < 2.6.31unaffected
LinuxLinux4.19.322 <= 4.19.*unaffected
LinuxLinux5.4.284 <= 5.4.*unaffected
LinuxLinux5.10.226 <= 5.10.*unaffected
LinuxLinux5.15.167 <= 5.15.*unaffected
LinuxLinux6.1.110 <= 6.1.*unaffected
LinuxLinux6.6.51 <= 6.6.*unaffected
LinuxLinux6.10.10 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References