CVE-2024-56759:
CVE-2024-56759: Linux kernel Btrfs COW path use-after-free when tracing is enabled and preemption is active; fixed by moving the tracepoint invocation before the extent buffer is freed. Affected kernel versions prior to the fix; local attacker with low privileges can exploit for high impact on confidentiality, integrity, and availability (CWE-416).
Score
A numerical rating that indicates how dangerous this vulnerability is.
7.8High- Published Date:Jan 6, 2025
- CISA KEV Date:*No Data*
- Industries Affected:20
Threat Predictions
- EPSS Score:0.0
- EPSS Percentile:4%
Exploitability
- Score:1.8
- Attack Vector:LOCAL
- Attack Complexity:LOW
- Privileges Required:LOW
- User Interaction:NONE
- Scope:UNCHANGED
Impact
- Score:5.9
- Confidentiality Impact:HIGH
- Integrity Impact:HIGH
- Availability Impact:HIGH
Description Preview
CVE-2024-56759: Linux kernel Btrfs COW path use-after-free when tracing is enabled and preemption is active; fixed by moving the tracepoint invocation before the extent buffer is freed. Affected kernel versions prior to the fix; local attacker with low privileges can exploit for high impact on confidentiality, integrity, and availability (CWE-416).
Overview
This vulnerability is a use-after-free in the Btrfs Copy-On-Write path when tracing is turned on and preemption is enabled, which can lead to memory safety issues in the extent buffer. The root cause is an incorrect ordering of a tracepoint relative to buffer freeing. The fix moves the tracepoint to occur before the buffer is freed, guarding against premature release and potential exploitation. The issue affects several Linux kernel versions prior to the fixes and has been resolved in the stable releases linked in the references.
Remediation
- Upgrade to a Linux kernel version that includes the fix (the commits referenced in the stable kernel updates). This is the most reliable remediation.
- If upgrading is not immediately possible, apply the patch from the stable repository to your affected kernel tree and recompile/redeploy kernels containing the fix.
- After upgrading or applying the patch, verify the kernel boots cleanly and run relevant Btrfs tests with tracing enabled and preemption active to ensure the issue is mitigated.
- As a temporary mitigation (not a substitute for the fix), you may disable or avoid enabling the tracepoint trace_btrfs_cow_block() in production until a patched kernel is deployed. Do not rely on this as a long-term solution.
- Validate the system’s stability and security posture post-upgrade, ensuring that tracing configurations do not reintroduce the condition.
References
- - [ba5120a2fb5f23b4d39d302e181aa5d4e28a90d1](https://git.kernel.org/stable/c/ba5120a2fb5f23b4d39d302e181aa5d4e28a90d1)
- - [526ff5b27f090fb15040471f892cd2c9899ce314](https://git.kernel.org/stable/c/526ff5b27f090fb15040471f892cd2c9899ce314)
- - [66376f1a73cba57fd0af2631d7888605b738e499](https://git.kernel.org/stable/c/66376f1a73cba57fd0af2631d7888605b738e499)
- - [9a466b8693b9add05de99af00c7bdff8259ecf19](https://git.kernel.org/stable/c/9a466b8693b9add05de99af00c7bdff8259ecf19)
- - [c3a403d8ce36f5a809a492581de5ad17843e4701](https://git.kernel.org/stable/c/c3a403d8ce36f5a809a492581de5ad17843e4701)
- - [44f52bbe96dfdbe4aca3818a2534520082a07040](https://git.kernel.org/stable/c/44f52bbe96dfdbe4aca3818a2534520082a07040)
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
