First published: Mon Jan 06 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when COWing tree bock and tracing is enabled When a COWing a tree block, at btrfs_cow_block(), and we have the tracepoint trace_btrfs_cow_block() enabled and preemption is also enabled (CONFIG_PREEMPT=y), we can trigger a use-after-free in the COWed extent buffer while inside the tracepoint code. This is because in some paths that call btrfs_cow_block(), such as btrfs_search_slot(), we are holding the last reference on the extent buffer @buf so btrfs_force_cow_block() drops the last reference on the @buf extent buffer when it calls free_extent_buffer_stale(buf), which schedules the release of the extent buffer with RCU. This means that if we are on a kernel with preemption, the current task may be preempted before calling trace_btrfs_cow_block() and the extent buffer already released by the time trace_btrfs_cow_block() is called, resulting in a use-after-free. Fix this by moving the trace_btrfs_cow_block() from btrfs_cow_block() to btrfs_force_cow_block() before the COWed extent buffer is freed. This also has a side effect of invoking the tracepoint in the tree defrag code, at defrag.c:btrfs_realloc_node(), since btrfs_force_cow_block() is called there, but this is fine and it was actually missing there.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Kernel | <6.12.8 | |
Linux Kernel | =6.13-rc1 | |
Linux Kernel | =6.13-rc2 | |
Linux Kernel | =6.13-rc3 | |
Linux Kernel | =6.13-rc4 | |
debian/linux | <=5.10.223-1 | 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
debian/linux-6.1 | 6.1.129-1~deb11u1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-56759 is classified as a high-severity vulnerability affecting the Linux kernel.
To fix CVE-2024-56759, update the Linux kernel to version 6.12.8 or later.
CVE-2024-56759 affects multiple versions of the Linux kernel, specifically versions up to 6.12.8 and certain 6.13 release candidates.
CVE-2024-56759 involves a use-after-free vulnerability occurring during copy-on-write operations in the btrfs file system.
Disabling tracing and preemption in the kernel may mitigate the effects of CVE-2024-56759 until a patch is applied.