CVE-2024-46840

Oct. 8, 2024, 6:15 p.m.

5.5
Medium

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete In reada we BUG_ON(refs == 0), which could be unkind since we aren't holding a lock on the extent leaf and thus could get a transient incorrect answer. In walk_down_proc we also BUG_ON(refs == 0), which could happen if we have extent tree corruption. Change that to return -EUCLEAN. In do_walk_down() we catch this case and handle it correctly, however we return -EIO, which -EUCLEAN is a more appropriate error code. Finally in walk_up_proc we have the same BUG_ON(refs == 0), so convert that to proper error handling. Also adjust the error message so we can actually do something with the information.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/03804641ec2d0da4fa088ad21c88e703d151ce16
https://git.kernel.org/stable/c/71291aa7246645ef622621934d2067400380645e
https://git.kernel.org/stable/c/728d4d045b628e006b48a448f3326a7194c88d32
https://git.kernel.org/stable/c/7d1df13bf078ffebfedd361d714ff6cee1ff01b9
https://git.kernel.org/stable/c/9cc887ac24b7a0598f4042ae9af6b9a33072f75b
https://git.kernel.org/stable/c/b8ccef048354074a548f108e51d0557d6adfd3a3
https://git.kernel.org/stable/c/c60676b81fab456b672796830f6d8057058f029c
https://git.kernel.org/stable/c/c847b28a799733b04574060ab9d00f215970627d

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD-CWE-noinfo
2024-09-27
CVE-2024-46840

CVSS Score

5.5 / 10

CVSS Data

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Date

  • Published: Sept. 27, 2024, 1:15 p.m.
  • Last Modified: Oct. 8, 2024, 6:15 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.