Lucene search

[email protected]NVD:CVE-2024-23850

HistoryJan 23, 2024 - 9:15 a.m.

CVE-2024-23850

2024-01-2309:15:36

[email protected]

web.nvd.nist.gov

linux kernel

btrfs

subvolume creation

assertion failure

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.9

Confidence

High

EPSS

Percentile

5.1%

JSON

In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.

Affected configurations

Nvd

Node

linuxlinux_kernelRange≤6.7.1

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

References

lists.debian.org/debian-lts-announce/2024/06/msg00017.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/

lore.kernel.org/all/6a80cb4b32af89787dadee728310e5e2ca85343f.1705741883.git.wqu%40suse.com/

lore.kernel.org/lkml/CALGdzuo6awWdau3X=8XK547x2vX_-VoFmH1aPsqosRTQ5WzJVA%40mail.gmail.com/

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.9

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2024-23850

debiancve1 cbl_mariner2 cnvd1 redhatcve1 cvelist1 nessus26 cve1 prion1 ubuntucve1 vulnrichment1 photon2 fedora1 openvas15 osv6 ubuntu4 debian2 slackware1