cve-2024-56581
Vulnerability from cvelistv5
Published
2024-12-27 14:23
Modified
2025-02-11 15:45
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: btrfs: ref-verify: fix use-after-free after invalid ref action At btrfs_ref_tree_mod() after we successfully inserted the new ref entry (local variable 'ref') into the respective block entry's rbtree (local variable 'be'), if we find an unexpected action of BTRFS_DROP_DELAYED_REF, we error out and free the ref entry without removing it from the block entry's rbtree. Then in the error path of btrfs_ref_tree_mod() we call btrfs_free_ref_cache(), which iterates over all block entries and then calls free_block_entry() for each one, and there we will trigger a use-after-free when we are called against the block entry to which we added the freed ref entry to its rbtree, since the rbtree still points to the block entry, as we didn't remove it from the rbtree before freeing it in the error path at btrfs_ref_tree_mod(). Fix this by removing the new ref entry from the rbtree before freeing it. Syzbot report this with the following stack traces: BTRFS error (device loop0 state EA): Ref action 2, root 5, ref_root 0, parent 8564736, owner 0, offset 0, num_refs 18446744073709551615 __btrfs_mod_ref+0x7dd/0xac0 fs/btrfs/extent-tree.c:2523 update_ref_for_cow+0x9cd/0x11f0 fs/btrfs/ctree.c:512 btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594 btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754 btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116 btrfs_insert_empty_items+0x9c/0x1a0 fs/btrfs/ctree.c:4314 btrfs_insert_empty_item fs/btrfs/ctree.h:669 [inline] btrfs_insert_orphan_item+0x1f1/0x320 fs/btrfs/orphan.c:23 btrfs_orphan_add+0x6d/0x1a0 fs/btrfs/inode.c:3482 btrfs_unlink+0x267/0x350 fs/btrfs/inode.c:4293 vfs_unlink+0x365/0x650 fs/namei.c:4469 do_unlinkat+0x4ae/0x830 fs/namei.c:4533 __do_sys_unlinkat fs/namei.c:4576 [inline] __se_sys_unlinkat fs/namei.c:4569 [inline] __x64_sys_unlinkat+0xcc/0xf0 fs/namei.c:4569 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f BTRFS error (device loop0 state EA): Ref action 1, root 5, ref_root 5, parent 0, owner 260, offset 0, num_refs 1 __btrfs_mod_ref+0x76b/0xac0 fs/btrfs/extent-tree.c:2521 update_ref_for_cow+0x96a/0x11f0 btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594 btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754 btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116 btrfs_lookup_inode+0xdc/0x480 fs/btrfs/inode-item.c:411 __btrfs_update_delayed_inode+0x1e7/0xb90 fs/btrfs/delayed-inode.c:1030 btrfs_update_delayed_inode fs/btrfs/delayed-inode.c:1114 [inline] __btrfs_commit_inode_delayed_items+0x2318/0x24a0 fs/btrfs/delayed-inode.c:1137 __btrfs_run_delayed_items+0x213/0x490 fs/btrfs/delayed-inode.c:1171 btrfs_commit_transaction+0x8a8/0x3740 fs/btrfs/transaction.c:2313 prepare_to_relocate+0x3c4/0x4c0 fs/btrfs/relocation.c:3586 relocate_block_group+0x16c/0xd40 fs/btrfs/relocation.c:3611 btrfs_relocate_block_group+0x77d/0xd90 fs/btrfs/relocation.c:4081 btrfs_relocate_chunk+0x12c/0x3b0 fs/btrfs/volumes.c:3377 __btrfs_balance+0x1b0f/0x26b0 fs/btrfs/volumes.c:4161 btrfs_balance+0xbdc/0x10c0 fs/btrfs/volumes.c:4538 BTRFS error (device loop0 state EA): Ref action 2, root 5, ref_root 0, parent 8564736, owner 0, offset 0, num_refs 18446744073709551615 __btrfs_mod_ref+0x7dd/0xac0 fs/btrfs/extent-tree.c:2523 update_ref_for_cow+0x9cd/0x11f0 fs/btrfs/ctree.c:512 btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594 btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754 btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116 btrfs_lookup_inode+0xdc/0x480 fs/btrfs/inode-item.c:411 __btrfs_update_delayed_inode+0x1e7/0xb90 fs/btrfs/delayed-inode.c:1030 btrfs_update_delayed_i ---truncated---
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4275ac2741941c9c7c2293619fdbacb9f70ba85bPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6370db28af9a8ae3bbdfe97f8a48f8f995e144cfPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6fd018aa168e472ce35be32296d109db6adb87eaPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7c4e39f9d2af4abaf82ca0e315d1fd340456620fPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a6f9e7a0bf1185c9070c0de03bb85eafb9abd650Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d2b85ce0561fde894e28fa01bd5d32820d585006Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/dfb9fe7de61f34cc241ab3900bdde93341096e0ePatch
Impacted products
Vendor Product Version
Linux Linux Version: fd708b81d972a0714b02a60eb4792fdbf15868c4
Version: fd708b81d972a0714b02a60eb4792fdbf15868c4
Version: fd708b81d972a0714b02a60eb4792fdbf15868c4
Version: fd708b81d972a0714b02a60eb4792fdbf15868c4
Version: fd708b81d972a0714b02a60eb4792fdbf15868c4
Version: fd708b81d972a0714b02a60eb4792fdbf15868c4
Version: fd708b81d972a0714b02a60eb4792fdbf15868c4
 Create a notification for this product.
   Linux Linux Version: 4.15
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56581",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T15:42:39.280771Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T15:45:24.590Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/ref-verify.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "dfb9fe7de61f34cc241ab3900bdde93341096e0e",
              "status": "affected",
              "version": "fd708b81d972a0714b02a60eb4792fdbf15868c4",
              "versionType": "git"
            },
            {
              "lessThan": "6fd018aa168e472ce35be32296d109db6adb87ea",
              "status": "affected",
              "version": "fd708b81d972a0714b02a60eb4792fdbf15868c4",
              "versionType": "git"
            },
            {
              "lessThan": "d2b85ce0561fde894e28fa01bd5d32820d585006",
              "status": "affected",
              "version": "fd708b81d972a0714b02a60eb4792fdbf15868c4",
              "versionType": "git"
            },
            {
              "lessThan": "6370db28af9a8ae3bbdfe97f8a48f8f995e144cf",
              "status": "affected",
              "version": "fd708b81d972a0714b02a60eb4792fdbf15868c4",
              "versionType": "git"
            },
            {
              "lessThan": "4275ac2741941c9c7c2293619fdbacb9f70ba85b",
              "status": "affected",
              "version": "fd708b81d972a0714b02a60eb4792fdbf15868c4",
              "versionType": "git"
            },
            {
              "lessThan": "a6f9e7a0bf1185c9070c0de03bb85eafb9abd650",
              "status": "affected",
              "version": "fd708b81d972a0714b02a60eb4792fdbf15868c4",
              "versionType": "git"
            },
            {
              "lessThan": "7c4e39f9d2af4abaf82ca0e315d1fd340456620f",
              "status": "affected",
              "version": "fd708b81d972a0714b02a60eb4792fdbf15868c4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/ref-verify.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: ref-verify: fix use-after-free after invalid ref action\n\nAt btrfs_ref_tree_mod() after we successfully inserted the new ref entry\n(local variable \u0027ref\u0027) into the respective block entry\u0027s rbtree (local\nvariable \u0027be\u0027), if we find an unexpected action of BTRFS_DROP_DELAYED_REF,\nwe error out and free the ref entry without removing it from the block\nentry\u0027s rbtree. Then in the error path of btrfs_ref_tree_mod() we call\nbtrfs_free_ref_cache(), which iterates over all block entries and then\ncalls free_block_entry() for each one, and there we will trigger a\nuse-after-free when we are called against the block entry to which we\nadded the freed ref entry to its rbtree, since the rbtree still points\nto the block entry, as we didn\u0027t remove it from the rbtree before freeing\nit in the error path at btrfs_ref_tree_mod(). Fix this by removing the\nnew ref entry from the rbtree before freeing it.\n\nSyzbot report this with the following stack traces:\n\n   BTRFS error (device loop0 state EA):   Ref action 2, root 5, ref_root 0, parent 8564736, owner 0, offset 0, num_refs 18446744073709551615\n      __btrfs_mod_ref+0x7dd/0xac0 fs/btrfs/extent-tree.c:2523\n      update_ref_for_cow+0x9cd/0x11f0 fs/btrfs/ctree.c:512\n      btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594\n      btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754\n      btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116\n      btrfs_insert_empty_items+0x9c/0x1a0 fs/btrfs/ctree.c:4314\n      btrfs_insert_empty_item fs/btrfs/ctree.h:669 [inline]\n      btrfs_insert_orphan_item+0x1f1/0x320 fs/btrfs/orphan.c:23\n      btrfs_orphan_add+0x6d/0x1a0 fs/btrfs/inode.c:3482\n      btrfs_unlink+0x267/0x350 fs/btrfs/inode.c:4293\n      vfs_unlink+0x365/0x650 fs/namei.c:4469\n      do_unlinkat+0x4ae/0x830 fs/namei.c:4533\n      __do_sys_unlinkat fs/namei.c:4576 [inline]\n      __se_sys_unlinkat fs/namei.c:4569 [inline]\n      __x64_sys_unlinkat+0xcc/0xf0 fs/namei.c:4569\n      do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n      do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n      entry_SYSCALL_64_after_hwframe+0x77/0x7f\n   BTRFS error (device loop0 state EA):   Ref action 1, root 5, ref_root 5, parent 0, owner 260, offset 0, num_refs 1\n      __btrfs_mod_ref+0x76b/0xac0 fs/btrfs/extent-tree.c:2521\n      update_ref_for_cow+0x96a/0x11f0\n      btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594\n      btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754\n      btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116\n      btrfs_lookup_inode+0xdc/0x480 fs/btrfs/inode-item.c:411\n      __btrfs_update_delayed_inode+0x1e7/0xb90 fs/btrfs/delayed-inode.c:1030\n      btrfs_update_delayed_inode fs/btrfs/delayed-inode.c:1114 [inline]\n      __btrfs_commit_inode_delayed_items+0x2318/0x24a0 fs/btrfs/delayed-inode.c:1137\n      __btrfs_run_delayed_items+0x213/0x490 fs/btrfs/delayed-inode.c:1171\n      btrfs_commit_transaction+0x8a8/0x3740 fs/btrfs/transaction.c:2313\n      prepare_to_relocate+0x3c4/0x4c0 fs/btrfs/relocation.c:3586\n      relocate_block_group+0x16c/0xd40 fs/btrfs/relocation.c:3611\n      btrfs_relocate_block_group+0x77d/0xd90 fs/btrfs/relocation.c:4081\n      btrfs_relocate_chunk+0x12c/0x3b0 fs/btrfs/volumes.c:3377\n      __btrfs_balance+0x1b0f/0x26b0 fs/btrfs/volumes.c:4161\n      btrfs_balance+0xbdc/0x10c0 fs/btrfs/volumes.c:4538\n   BTRFS error (device loop0 state EA):   Ref action 2, root 5, ref_root 0, parent 8564736, owner 0, offset 0, num_refs 18446744073709551615\n      __btrfs_mod_ref+0x7dd/0xac0 fs/btrfs/extent-tree.c:2523\n      update_ref_for_cow+0x9cd/0x11f0 fs/btrfs/ctree.c:512\n      btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594\n      btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754\n      btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116\n      btrfs_lookup_inode+0xdc/0x480 fs/btrfs/inode-item.c:411\n      __btrfs_update_delayed_inode+0x1e7/0xb90 fs/btrfs/delayed-inode.c:1030\n      btrfs_update_delayed_i\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-20T06:23:30.028Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/dfb9fe7de61f34cc241ab3900bdde93341096e0e"
        },
        {
          "url": "https://git.kernel.org/stable/c/6fd018aa168e472ce35be32296d109db6adb87ea"
        },
        {
          "url": "https://git.kernel.org/stable/c/d2b85ce0561fde894e28fa01bd5d32820d585006"
        },
        {
          "url": "https://git.kernel.org/stable/c/6370db28af9a8ae3bbdfe97f8a48f8f995e144cf"
        },
        {
          "url": "https://git.kernel.org/stable/c/4275ac2741941c9c7c2293619fdbacb9f70ba85b"
        },
        {
          "url": "https://git.kernel.org/stable/c/a6f9e7a0bf1185c9070c0de03bb85eafb9abd650"
        },
        {
          "url": "https://git.kernel.org/stable/c/7c4e39f9d2af4abaf82ca0e315d1fd340456620f"
        }
      ],
      "title": "btrfs: ref-verify: fix use-after-free after invalid ref action",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56581",
    "datePublished": "2024-12-27T14:23:23.193Z",
    "dateReserved": "2024-12-27T14:03:06.000Z",
    "dateUpdated": "2025-02-11T15:45:24.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-56581\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-12-27T15:15:17.207\",\"lastModified\":\"2025-02-11T16:15:43.770\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbtrfs: ref-verify: fix use-after-free after invalid ref action\\n\\nAt btrfs_ref_tree_mod() after we successfully inserted the new ref entry\\n(local variable \u0027ref\u0027) into the respective block entry\u0027s rbtree (local\\nvariable \u0027be\u0027), if we find an unexpected action of BTRFS_DROP_DELAYED_REF,\\nwe error out and free the ref entry without removing it from the block\\nentry\u0027s rbtree. Then in the error path of btrfs_ref_tree_mod() we call\\nbtrfs_free_ref_cache(), which iterates over all block entries and then\\ncalls free_block_entry() for each one, and there we will trigger a\\nuse-after-free when we are called against the block entry to which we\\nadded the freed ref entry to its rbtree, since the rbtree still points\\nto the block entry, as we didn\u0027t remove it from the rbtree before freeing\\nit in the error path at btrfs_ref_tree_mod(). Fix this by removing the\\nnew ref entry from the rbtree before freeing it.\\n\\nSyzbot report this with the following stack traces:\\n\\n   BTRFS error (device loop0 state EA):   Ref action 2, root 5, ref_root 0, parent 8564736, owner 0, offset 0, num_refs 18446744073709551615\\n      __btrfs_mod_ref+0x7dd/0xac0 fs/btrfs/extent-tree.c:2523\\n      update_ref_for_cow+0x9cd/0x11f0 fs/btrfs/ctree.c:512\\n      btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594\\n      btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754\\n      btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116\\n      btrfs_insert_empty_items+0x9c/0x1a0 fs/btrfs/ctree.c:4314\\n      btrfs_insert_empty_item fs/btrfs/ctree.h:669 [inline]\\n      btrfs_insert_orphan_item+0x1f1/0x320 fs/btrfs/orphan.c:23\\n      btrfs_orphan_add+0x6d/0x1a0 fs/btrfs/inode.c:3482\\n      btrfs_unlink+0x267/0x350 fs/btrfs/inode.c:4293\\n      vfs_unlink+0x365/0x650 fs/namei.c:4469\\n      do_unlinkat+0x4ae/0x830 fs/namei.c:4533\\n      __do_sys_unlinkat fs/namei.c:4576 [inline]\\n      __se_sys_unlinkat fs/namei.c:4569 [inline]\\n      __x64_sys_unlinkat+0xcc/0xf0 fs/namei.c:4569\\n      do_syscall_x64 arch/x86/entry/common.c:52 [inline]\\n      do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\\n      entry_SYSCALL_64_after_hwframe+0x77/0x7f\\n   BTRFS error (device loop0 state EA):   Ref action 1, root 5, ref_root 5, parent 0, owner 260, offset 0, num_refs 1\\n      __btrfs_mod_ref+0x76b/0xac0 fs/btrfs/extent-tree.c:2521\\n      update_ref_for_cow+0x96a/0x11f0\\n      btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594\\n      btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754\\n      btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116\\n      btrfs_lookup_inode+0xdc/0x480 fs/btrfs/inode-item.c:411\\n      __btrfs_update_delayed_inode+0x1e7/0xb90 fs/btrfs/delayed-inode.c:1030\\n      btrfs_update_delayed_inode fs/btrfs/delayed-inode.c:1114 [inline]\\n      __btrfs_commit_inode_delayed_items+0x2318/0x24a0 fs/btrfs/delayed-inode.c:1137\\n      __btrfs_run_delayed_items+0x213/0x490 fs/btrfs/delayed-inode.c:1171\\n      btrfs_commit_transaction+0x8a8/0x3740 fs/btrfs/transaction.c:2313\\n      prepare_to_relocate+0x3c4/0x4c0 fs/btrfs/relocation.c:3586\\n      relocate_block_group+0x16c/0xd40 fs/btrfs/relocation.c:3611\\n      btrfs_relocate_block_group+0x77d/0xd90 fs/btrfs/relocation.c:4081\\n      btrfs_relocate_chunk+0x12c/0x3b0 fs/btrfs/volumes.c:3377\\n      __btrfs_balance+0x1b0f/0x26b0 fs/btrfs/volumes.c:4161\\n      btrfs_balance+0xbdc/0x10c0 fs/btrfs/volumes.c:4538\\n   BTRFS error (device loop0 state EA):   Ref action 2, root 5, ref_root 0, parent 8564736, owner 0, offset 0, num_refs 18446744073709551615\\n      __btrfs_mod_ref+0x7dd/0xac0 fs/btrfs/extent-tree.c:2523\\n      update_ref_for_cow+0x9cd/0x11f0 fs/btrfs/ctree.c:512\\n      btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594\\n      btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754\\n      btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116\\n      btrfs_lookup_inode+0xdc/0x480 fs/btrfs/inode-item.c:411\\n      __btrfs_update_delayed_inode+0x1e7/0xb90 fs/btrfs/delayed-inode.c:1030\\n      btrfs_update_delayed_i\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: ref-verify: corrige use-after-free despu\u00e9s de una acci\u00f3n de referencia no v\u00e1lida En btrfs_ref_tree_mod() despu\u00e9s de que insertamos exitosamente la nueva entrada de referencia (variable local \u0027ref\u0027) en el rbtree de la entrada de bloque respectiva (variable local \u0027be\u0027), si encontramos una acci\u00f3n inesperada de BTRFS_DROP_DELAYED_REF, generamos un error y liberamos la entrada de referencia sin eliminarla del rbtree de la entrada de bloque. Luego, en la ruta de error de btrfs_ref_tree_mod(), llamamos a btrfs_free_ref_cache(), que itera sobre todas las entradas de bloque y luego llama a free_block_entry() para cada una, y all\u00ed activaremos un use-after-free cuando se nos llame contra la entrada de bloque a la que agregamos la entrada de referencia liberada a su rbtree, ya que el rbtree todav\u00eda apunta a la entrada de bloque, ya que no la eliminamos del rbtree antes de liberarla en la ruta de error en btrfs_ref_tree_mod(). Solucione esto eliminando la nueva entrada de referencia del rbtree antes de liberarla. Syzbot informa esto con los siguientes seguimientos de pila: Error BTRFS (estado EA del bucle0 del dispositivo): Ref acci\u00f3n 2, ra\u00edz 5, ref_root 0, padre 8564736, propietario 0, desplazamiento 0, num_refs 18446744073709551615 __btrfs_mod_ref+0x7dd/0xac0 fs/btrfs/extent-tree.c:2523 update_ref_for_cow+0x9cd/0x11f0 fs/btrfs/ctree.c:512 btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594 btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754 btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116 btrfs_insert_empty_items+0x9c/0x1a0 fs/btrfs/ctree.c:4314 btrfs_insert_empty_item fs/btrfs/ctree.h:669 [en l\u00ednea] btrfs_insert_orphan_item+0x1f1/0x320 fs/btrfs/orphan.c:23 btrfs_orphan_add+0x6d/0x1a0 fs/btrfs/inode.c:3482 btrfs_unlink+0x267/0x350 fs/btrfs/inode.c:4293 vfs_unlink+0x365/0x650 fs/namei.c:4469 do_unlinkat+0x4ae/0x830 fs/namei.c:4533 __do_sys_unlinkat fs/namei.c:4576 [en l\u00ednea] __se_sys_unlinkat fs/namei.c:4569 [en l\u00ednea] __x64_sys_unlinkat+0xcc/0xf0 fs/namei.c:4569 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Error BTRFS (estado del dispositivo loop0 EA): Ref acci\u00f3n 1, ra\u00edz 5, ref_root 5, padre 0, propietario 260, desplazamiento 0, n\u00fam_refs 1 __btrfs_mod_ref+0x76b/0xac0 fs/btrfs/extent-tree.c:2521 actualizaci\u00f3n_ref_para_vaca+0x96a/0x11f0 btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594 btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754 btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116 btrfs_lookup_inode+0xdc/0x480 fs/btrfs/inode-item.c:411 __btrfs_update_delayed_inode+0x1e7/0xb90 fs/btrfs/delayed-inode.c:1030 btrfs_update_delayed_inode fs/btrfs/delayed-inode.c:1114 [en l\u00ednea] __btrfs_commit_inode_delayed_items+0x2318/0x24a0 fs/btrfs/delayed-inode.c:1137 __btrfs_run_delayed_items+0x213/0x490 fs/btrfs/delayed-inode.c:1171 btrfs_commit_transaction+0x8a8/0x3740 fs/btrfs/transaction.c:2313 prepare_to_relocate+0x3c4/0x4c0 fs/btrfs/relocation.c:3586 relocate_block_group+0x16c/0xd40 fs/btrfs/relocation.c:3611 btrfs_relocate_block_group+0x77d/0xd90 fs/btrfs/relocation.c:4081 btrfs_relocate_chunk+0x12c/0x3b0 fs/btrfs/volumes.c:3377 __btrfs_balance+0x1b0f/0x26b0 fs/btrfs/volumes.c:4161 btrfs_balance+0xbdc/0x10c0 fs/btrfs/volumes.c:4538 Error BTRFS (estado del dispositivo loop0 EA): Acci\u00f3n de referencia 2, ra\u00edz 5, ref_root 0, padre 8564736, propietario 0, desplazamiento 0, num_refs 18446744073709551615 __btrfs_mod_ref+0x7dd/0xac0 fs/btrfs/extent-tree.c:2523 actualizaci\u00f3n_ref_para_vaca+0x9cd/0x11f0 fs/btrfs/ctree.c:512 btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594 btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754 btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116 btrfs_lookup_inode+0xdc/0x480 fs/btrfs/inode-item.c:411 __btrfs_update_delayed_inode+0x1e7/0xb90 fs/btrfs/delayed-inode.c:1030 btrfs_update_delayed_i ---truncado---\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.15\",\"versionEndExcluding\":\"5.4.287\",\"matchCriteriaId\":\"3B88B3CC-D264-4F47-A543-C7C84926AE08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.231\",\"matchCriteriaId\":\"B5C644CC-2BD7-4E32-BC54-8DCC7ABE9935\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.174\",\"matchCriteriaId\":\"419FD073-1517-4FD5-8158-F94BC68A1E89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.120\",\"matchCriteriaId\":\"09AC6122-E2A4-40FE-9D33-268A1B2EC265\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.64\",\"matchCriteriaId\":\"CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.4\",\"matchCriteriaId\":\"04756810-D093-4B43-B1D9-CF5035968061\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"62567B3C-6CEE-46D0-BC2E-B3717FBF7D13\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/4275ac2741941c9c7c2293619fdbacb9f70ba85b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6370db28af9a8ae3bbdfe97f8a48f8f995e144cf\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6fd018aa168e472ce35be32296d109db6adb87ea\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7c4e39f9d2af4abaf82ca0e315d1fd340456620f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a6f9e7a0bf1185c9070c0de03bb85eafb9abd650\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d2b85ce0561fde894e28fa01bd5d32820d585006\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/dfb9fe7de61f34cc241ab3900bdde93341096e0e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-56581\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-11T15:42:39.280771Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-11T15:42:40.932Z\"}}], \"cna\": {\"title\": \"btrfs: ref-verify: fix use-after-free after invalid ref action\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"fd708b81d972a0714b02a60eb4792fdbf15868c4\", \"lessThan\": \"dfb9fe7de61f34cc241ab3900bdde93341096e0e\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"fd708b81d972a0714b02a60eb4792fdbf15868c4\", \"lessThan\": \"6fd018aa168e472ce35be32296d109db6adb87ea\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"fd708b81d972a0714b02a60eb4792fdbf15868c4\", \"lessThan\": \"d2b85ce0561fde894e28fa01bd5d32820d585006\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"fd708b81d972a0714b02a60eb4792fdbf15868c4\", \"lessThan\": \"6370db28af9a8ae3bbdfe97f8a48f8f995e144cf\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"fd708b81d972a0714b02a60eb4792fdbf15868c4\", \"lessThan\": \"4275ac2741941c9c7c2293619fdbacb9f70ba85b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"fd708b81d972a0714b02a60eb4792fdbf15868c4\", \"lessThan\": \"a6f9e7a0bf1185c9070c0de03bb85eafb9abd650\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"fd708b81d972a0714b02a60eb4792fdbf15868c4\", \"lessThan\": \"7c4e39f9d2af4abaf82ca0e315d1fd340456620f\", \"versionType\": \"git\"}], \"programFiles\": [\"fs/btrfs/ref-verify.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.15\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"4.15\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.4.287\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.231\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.174\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.120\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.64\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.12.4\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.12.*\"}, {\"status\": \"unaffected\", \"version\": \"6.13\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"fs/btrfs/ref-verify.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/dfb9fe7de61f34cc241ab3900bdde93341096e0e\"}, {\"url\": \"https://git.kernel.org/stable/c/6fd018aa168e472ce35be32296d109db6adb87ea\"}, {\"url\": \"https://git.kernel.org/stable/c/d2b85ce0561fde894e28fa01bd5d32820d585006\"}, {\"url\": \"https://git.kernel.org/stable/c/6370db28af9a8ae3bbdfe97f8a48f8f995e144cf\"}, {\"url\": \"https://git.kernel.org/stable/c/4275ac2741941c9c7c2293619fdbacb9f70ba85b\"}, {\"url\": \"https://git.kernel.org/stable/c/a6f9e7a0bf1185c9070c0de03bb85eafb9abd650\"}, {\"url\": \"https://git.kernel.org/stable/c/7c4e39f9d2af4abaf82ca0e315d1fd340456620f\"}], \"x_generator\": {\"engine\": \"bippy-5f407fcff5a0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbtrfs: ref-verify: fix use-after-free after invalid ref action\\n\\nAt btrfs_ref_tree_mod() after we successfully inserted the new ref entry\\n(local variable \u0027ref\u0027) into the respective block entry\u0027s rbtree (local\\nvariable \u0027be\u0027), if we find an unexpected action of BTRFS_DROP_DELAYED_REF,\\nwe error out and free the ref entry without removing it from the block\\nentry\u0027s rbtree. Then in the error path of btrfs_ref_tree_mod() we call\\nbtrfs_free_ref_cache(), which iterates over all block entries and then\\ncalls free_block_entry() for each one, and there we will trigger a\\nuse-after-free when we are called against the block entry to which we\\nadded the freed ref entry to its rbtree, since the rbtree still points\\nto the block entry, as we didn\u0027t remove it from the rbtree before freeing\\nit in the error path at btrfs_ref_tree_mod(). Fix this by removing the\\nnew ref entry from the rbtree before freeing it.\\n\\nSyzbot report this with the following stack traces:\\n\\n   BTRFS error (device loop0 state EA):   Ref action 2, root 5, ref_root 0, parent 8564736, owner 0, offset 0, num_refs 18446744073709551615\\n      __btrfs_mod_ref+0x7dd/0xac0 fs/btrfs/extent-tree.c:2523\\n      update_ref_for_cow+0x9cd/0x11f0 fs/btrfs/ctree.c:512\\n      btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594\\n      btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754\\n      btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116\\n      btrfs_insert_empty_items+0x9c/0x1a0 fs/btrfs/ctree.c:4314\\n      btrfs_insert_empty_item fs/btrfs/ctree.h:669 [inline]\\n      btrfs_insert_orphan_item+0x1f1/0x320 fs/btrfs/orphan.c:23\\n      btrfs_orphan_add+0x6d/0x1a0 fs/btrfs/inode.c:3482\\n      btrfs_unlink+0x267/0x350 fs/btrfs/inode.c:4293\\n      vfs_unlink+0x365/0x650 fs/namei.c:4469\\n      do_unlinkat+0x4ae/0x830 fs/namei.c:4533\\n      __do_sys_unlinkat fs/namei.c:4576 [inline]\\n      __se_sys_unlinkat fs/namei.c:4569 [inline]\\n      __x64_sys_unlinkat+0xcc/0xf0 fs/namei.c:4569\\n      do_syscall_x64 arch/x86/entry/common.c:52 [inline]\\n      do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\\n      entry_SYSCALL_64_after_hwframe+0x77/0x7f\\n   BTRFS error (device loop0 state EA):   Ref action 1, root 5, ref_root 5, parent 0, owner 260, offset 0, num_refs 1\\n      __btrfs_mod_ref+0x76b/0xac0 fs/btrfs/extent-tree.c:2521\\n      update_ref_for_cow+0x96a/0x11f0\\n      btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594\\n      btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754\\n      btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116\\n      btrfs_lookup_inode+0xdc/0x480 fs/btrfs/inode-item.c:411\\n      __btrfs_update_delayed_inode+0x1e7/0xb90 fs/btrfs/delayed-inode.c:1030\\n      btrfs_update_delayed_inode fs/btrfs/delayed-inode.c:1114 [inline]\\n      __btrfs_commit_inode_delayed_items+0x2318/0x24a0 fs/btrfs/delayed-inode.c:1137\\n      __btrfs_run_delayed_items+0x213/0x490 fs/btrfs/delayed-inode.c:1171\\n      btrfs_commit_transaction+0x8a8/0x3740 fs/btrfs/transaction.c:2313\\n      prepare_to_relocate+0x3c4/0x4c0 fs/btrfs/relocation.c:3586\\n      relocate_block_group+0x16c/0xd40 fs/btrfs/relocation.c:3611\\n      btrfs_relocate_block_group+0x77d/0xd90 fs/btrfs/relocation.c:4081\\n      btrfs_relocate_chunk+0x12c/0x3b0 fs/btrfs/volumes.c:3377\\n      __btrfs_balance+0x1b0f/0x26b0 fs/btrfs/volumes.c:4161\\n      btrfs_balance+0xbdc/0x10c0 fs/btrfs/volumes.c:4538\\n   BTRFS error (device loop0 state EA):   Ref action 2, root 5, ref_root 0, parent 8564736, owner 0, offset 0, num_refs 18446744073709551615\\n      __btrfs_mod_ref+0x7dd/0xac0 fs/btrfs/extent-tree.c:2523\\n      update_ref_for_cow+0x9cd/0x11f0 fs/btrfs/ctree.c:512\\n      btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594\\n      btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754\\n      btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116\\n      btrfs_lookup_inode+0xdc/0x480 fs/btrfs/inode-item.c:411\\n      __btrfs_update_delayed_inode+0x1e7/0xb90 fs/btrfs/delayed-inode.c:1030\\n      btrfs_update_delayed_i\\n---truncated---\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-01-20T06:23:30.028Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-56581\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-11T15:45:24.590Z\", \"dateReserved\": \"2024-12-27T14:03:06.000Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-12-27T14:23:23.193Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.