CVE-2024-42231

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jul 30, 2024
CWE ID 682

Summary

CVE-2024-42231 is a vulnerability affecting the Linux kernel's btrfs file system in zoned mode. The issue lies in the calc_available_free_space() function, which incorrectly calculates the available free space for metadata or system block groups. Specifically, the data_chunk_size calculation is incorrect in zoned mode, leading to potential over-commitment of unallocated disk space. Additionally, the result may not be zone-aligned, reducing pressure on the async metadata reclaim process and potentially leading to ENOSPC errors. This vulnerability is particularly serious for nearly full devices with large zone sizes, as it can allow for significant over-commitment and hinder the efficiency of async reclaim work.
