CVE-2024-50273
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-50273 is a vulnerability in the Linux kernel's btrfs file system. The defect is in `insert_delayed_ref()`: after a ref is removed from a list via its `add_list` member, that member is not reinitialized, so the ref's list linkage is left in an invalid state. When `drop_delayed_ref()` later operates on the same ref, the kernel crashes, either through an invalid pointer dereference or, with certain kernel configurations, through a splat. The condition can be reached when delayed refs are merged or when they are destroyed because of a transaction abort. The fix replaces the `list_del()` call with `list_del_init()`, so the list member is reinitialized when the ref is removed.
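To show why the one-word change matters, the following is an added example (not code from the page or from the kernel) that models the kernel's `list_head` primitives and a delayed ref's `add_list` member in plain C. It assumes the drop path is shaped like "if the entry is still on a list, unlink it", which is an assumption about the kernel code, not something the page states.

```c
#include <stdbool.h>
#include <stddef.h>
/* Minimal model of the kernel's list_head API, written for this example;
 * the poison values only imitate the idea of LIST_POISON1/LIST_POISON2. */
struct list_head { struct list_head *next, *prev; };
#define LIST_POISON1 ((struct list_head *)0x100)
#define LIST_POISON2 ((struct list_head *)0x122)
static void INIT_LIST_HEAD(struct list_head *h) { h->next = h->prev = h; }
static bool list_empty(const struct list_head *h) { return h->next == h; }
static void list_add_tail(struct list_head *n, struct list_head *head) {
    n->next = head; n->prev = head->prev; head->prev->next = n; head->prev = n;
}
static void unlink_entry(struct list_head *e) {
    e->prev->next = e->next; e->next->prev = e->prev;
}
/* list_del(): unlink and poison. list_empty() now reports "not empty" and any
 * later unlink dereferences the poison pointers. */
static void list_del(struct list_head *e) {
    unlink_entry(e); e->next = LIST_POISON1; e->prev = LIST_POISON2;
}
/* list_del_init(): unlink and re-initialise, so the entry is safely "empty". */
static void list_del_init(struct list_head *e) { unlink_entry(e); INIT_LIST_HEAD(e); }

/* Stand-in for a delayed ref; only the add_list member matters here. */
struct delayed_ref { int seq; struct list_head add_list; };

/* Build a list holding one ref, then unlink it with either primitive. */
static void unlink_ref(struct delayed_ref *ref, bool use_list_del_init) {
    struct list_head head;
    INIT_LIST_HEAD(&head); INIT_LIST_HEAD(&ref->add_list);
    list_add_tail(&ref->add_list, &head);
    if (use_list_del_init) list_del_init(&ref->add_list);
    else list_del(&ref->add_list);
}

/* Does the unlinked entry look empty afterwards? Only with list_del_init(). */
bool entry_empty_after_unlink(bool use_list_del_init) {
    struct delayed_ref ref = { .seq = 1 };
    unlink_ref(&ref, use_list_del_init);
    return list_empty(&ref.add_list);
}

/* Model of the later drop path (assumed shape: "if still listed, unlink").
 * Returns false where the real kernel would dereference the poison values. */
bool drop_after_unlink_is_safe(bool use_list_del_init) {
    struct delayed_ref ref = { .seq = 1 };
    unlink_ref(&ref, use_list_del_init);
    if (ref.add_list.next == LIST_POISON1) return false; /* would crash */
    if (!list_empty(&ref.add_list)) list_del_init(&ref.add_list);
    return true;
}
```

With `list_del()` the entry neither looks empty nor survives a second unlink; with `list_del_init()` both checks pass, which is exactly the property the fix restores.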
Affected Products
- Linux Kernel
Affected Vendors
- LINUX