CVE-2024-26727: Reachable Assertion in Linux

Severity
5.5 MEDIUM (NVD)
EPSS
0.0%
top 97.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Apr 3

Description

In the Linux kernel, the following vulnerability has been resolved:

btrfs: do not ASSERT() if the newly created subvolume already got read

[BUG]
There is a syzbot crash, triggered by the ASSERT() during subvolume creation:

 assertion failed: !anon_dev, in fs/btrfs/disk-io.c:1319
 ------------[ cut here ]------------
 kernel BUG at fs/btrfs/disk-io.c:1319!
 invalid opcode: 0000 [#1] PREEMPT SMP KASAN
 RIP: 0010:btrfs_get_root_ref.part.0+0x9aa/0xa60
 btrfs_get_new_fs_root+0xd3/0xf0
 create_subvol+0xd

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

NVD        linux/linux_kernel  5.9  5.10.210  +5
Debian     linux/linux_kernel  < 5.10.216-1  +3
CVEListV5  linux/linux         2dfb1e43f57dd3aeaa66f7cf05d068db2d4c8788  3f5d47eb163bceb1b9e613c9003bae5fefc0046f  +7
debian     debian/linux        < linux 6.1.82-1 (bookworm)

Also affects: Debian Linux 10.0

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-w9mj-34hr-82rj: In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT() if the newly created subvolume already got read [BUG] The (2024-04-03)
OSV
CVE-2024-26727: In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT() if the newly created subvolume already got read [BUG] There (2024-04-03)

📋 Vendor Advisories (2)

Red Hat
kernel: btrfs: do not ASSERT() if the newly created subvolume already got read (2024-04-03)
Debian
CVE-2024-26727: linux - In the Linux kernel, the following vulnerability has been resolved: btrfs: do n... (2024)

💬 Community (1)

Bugzilla
CVE-2024-26727 kernel: btrfs: do not ASSERT() if the newly created subvolume already got read (2024-04-03)