What is the severity of CVE-2024-50217?

CVE-2024-50217 has a high severity rating due to potential use-after-free vulnerabilities in the Linux kernel's btrfs file system.

How do I fix CVE-2024-50217?

To fix CVE-2024-50217, update the Linux kernel to version 6.12 or later, or apply the specific patches provided by your distribution.

Which versions of the Linux kernel are affected by CVE-2024-50217?

CVE-2024-50217 affects Linux kernel versions from 4.8 up to 6.11.7, as well as specific 6.12 release candidates.

What is a use-after-free vulnerability as seen in CVE-2024-50217?

A use-after-free vulnerability allows an attacker to exploit memory management issues, potentially leading to crashes or arbitrary code execution.

Is there a public patch available for CVE-2024-50217?

Yes, patches for CVE-2024-50217 have been made available in the Linux kernel's repositories for affected versions.

Vulnerability/
CVE-2024-50217

high

7.8

CWE

416

9/11/2024

19/12/2024

CVE-2024-50217: btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()

First published: Sat Nov 09 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids() Mounting btrfs from two images (which have the same one fsid and two different dev_uuids) in certain executing order may trigger an UAF for variable 'device->bdev_file' in __btrfs_free_extra_devids(). And following are the details: 1. Attach image_1 to loop0, attach image_2 to loop1, and scan btrfs devices by ioctl(BTRFS_IOC_SCAN_DEV): / btrfs_device_1 ? loop0 fs_device \ btrfs_device_2 ? loop1 2. mount /dev/loop0 /mnt btrfs_open_devices btrfs_device_1->bdev_file = btrfs_get_bdev_and_sb(loop0) btrfs_device_2->bdev_file = btrfs_get_bdev_and_sb(loop1) btrfs_fill_super open_ctree fail: btrfs_close_devices // -ENOMEM btrfs_close_bdev(btrfs_device_1) fput(btrfs_device_1->bdev_file) // btrfs_device_1->bdev_file is freed btrfs_close_bdev(btrfs_device_2) fput(btrfs_device_2->bdev_file) 3. mount /dev/loop1 /mnt btrfs_open_devices btrfs_get_bdev_and_sb(&bdev_file) // EIO, btrfs_device_1->bdev_file is not assigned, // which points to a freed memory area btrfs_device_2->bdev_file = btrfs_get_bdev_and_sb(loop1) btrfs_fill_super open_ctree btrfs_free_extra_devids if (btrfs_device_1->bdev_file) fput(btrfs_device_1->bdev_file) // UAF ! Fix it by setting 'device->bdev_file' as 'NULL' after closing the btrfs_device in btrfs_close_one_device().

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel	>=4.8<6.11.7
Linux Kernel	=6.12-rc1
Linux Kernel	=6.12-rc2
Linux Kernel	=6.12-rc3
Linux Kernel	=6.12-rc4
Linux Kernel	=6.12-rc5

Remedy

https://git.kernel.org/stable/c/47a83f8df39545f3f552bb6a1b6d9c30e37621dd

Remedy

https://git.kernel.org/stable/c/aec8e6bf839101784f3ef037dcdb9432c3f32343

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-50217?
CVE-2024-50217 has a high severity rating due to potential use-after-free vulnerabilities in the Linux kernel's btrfs file system.
How do I fix CVE-2024-50217?
To fix CVE-2024-50217, update the Linux kernel to version 6.12 or later, or apply the specific patches provided by your distribution.
Which versions of the Linux kernel are affected by CVE-2024-50217?
CVE-2024-50217 affects Linux kernel versions from 4.8 up to 6.11.7, as well as specific 6.12 release candidates.
What is a use-after-free vulnerability as seen in CVE-2024-50217?
A use-after-free vulnerability allows an attacker to exploit memory management issues, potentially leading to crashes or arbitrary code execution.
Is there a public patch available for CVE-2024-50217?
Yes, patches for CVE-2024-50217 have been made available in the Linux kernel's repositories for affected versions.

agent/title
agent/references
agent/type
agent/first-publish-date
agent/author
agent/event
agent/description
agent/severity
agent/remedy
agent/softwarecombine
agent/weakness
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/linux
canonical/linux kernel
version/linux kernel/4.8
version/linux kernel/6.12-rc1
version/linux kernel/6.12-rc2
version/linux kernel/6.12-rc3
version/linux kernel/6.12-rc4
version/linux kernel/6.12-rc5

Frequently Asked Questions

What is the severity of CVE-2024-50217?
CVE-2024-50217 has a high severity rating due to potential use-after-free vulnerabilities in the Linux kernel's btrfs file system.
How do I fix CVE-2024-50217?
To fix CVE-2024-50217, update the Linux kernel to version 6.12 or later, or apply the specific patches provided by your distribution.
Which versions of the Linux kernel are affected by CVE-2024-50217?
CVE-2024-50217 affects Linux kernel versions from 4.8 up to 6.11.7, as well as specific 6.12 release candidates.
What is a use-after-free vulnerability as seen in CVE-2024-50217?
A use-after-free vulnerability allows an attacker to exploit memory management issues, potentially leading to crashes or arbitrary code execution.
Is there a public patch available for CVE-2024-50217?
Yes, patches for CVE-2024-50217 have been made available in the Linux kernel's repositories for affected versions.

CVE-2024-50217: btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-50217?

How do I fix CVE-2024-50217?

Which versions of the Linux kernel are affected by CVE-2024-50217?

What is a use-after-free vulnerability as seen in CVE-2024-50217?

Is there a public patch available for CVE-2024-50217?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2024-50217?

How do I fix CVE-2024-50217?

Which versions of the Linux kernel are affected by CVE-2024-50217?

What is a use-after-free vulnerability as seen in CVE-2024-50217?

Is there a public patch available for CVE-2024-50217?