cve-2024-56774
Vulnerability from cvelistv5
Published
2025-01-08 17:49
Modified
2025-01-08 17:49
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: btrfs: add a sanity check for btrfs root in btrfs_search_slot() Syzbot reports a null-ptr-deref in btrfs_search_slot(). The reproducer is using rescue=ibadroots, and the extent tree root is corrupted thus the extent tree is NULL. When scrub tries to search the extent tree to gather the needed extent info, btrfs_search_slot() doesn't check if the target root is NULL or not, resulting the null-ptr-deref. Add sanity check for btrfs root before using it in btrfs_search_slot().
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3ed51857a50f530ac7a1482e069dfbd1298558d4Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/757171d1369b3b47f36932d40a05a0715496dcabPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/93992c3d9629b02dccf6849238559d5c24f2decePatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c71d114ef68c95da5a82ec85a721ab31f5bd905bPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/db66fb87c21e8ae724886e6a464dcbac562a64c6Patch
Impacted products
Vendor Product Version
Linux Linux Version: 5.11
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/ctree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c71d114ef68c95da5a82ec85a721ab31f5bd905b",
              "status": "affected",
              "version": "42437a6386ffeaaf200731e73d723ea491f3fe7d",
              "versionType": "git"
            },
            {
              "lessThan": "db66fb87c21e8ae724886e6a464dcbac562a64c6",
              "status": "affected",
              "version": "42437a6386ffeaaf200731e73d723ea491f3fe7d",
              "versionType": "git"
            },
            {
              "lessThan": "757171d1369b3b47f36932d40a05a0715496dcab",
              "status": "affected",
              "version": "42437a6386ffeaaf200731e73d723ea491f3fe7d",
              "versionType": "git"
            },
            {
              "lessThan": "93992c3d9629b02dccf6849238559d5c24f2dece",
              "status": "affected",
              "version": "42437a6386ffeaaf200731e73d723ea491f3fe7d",
              "versionType": "git"
            },
            {
              "lessThan": "3ed51857a50f530ac7a1482e069dfbd1298558d4",
              "status": "affected",
              "version": "42437a6386ffeaaf200731e73d723ea491f3fe7d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/ctree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.11"
            },
            {
              "lessThan": "5.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13-rc2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: add a sanity check for btrfs root in btrfs_search_slot()\n\nSyzbot reports a null-ptr-deref in btrfs_search_slot().\n\nThe reproducer is using rescue=ibadroots, and the extent tree root is\ncorrupted thus the extent tree is NULL.\n\nWhen scrub tries to search the extent tree to gather the needed extent\ninfo, btrfs_search_slot() doesn\u0027t check if the target root is NULL or\nnot, resulting the null-ptr-deref.\n\nAdd sanity check for btrfs root before using it in btrfs_search_slot()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-08T17:49:13.121Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c71d114ef68c95da5a82ec85a721ab31f5bd905b"
        },
        {
          "url": "https://git.kernel.org/stable/c/db66fb87c21e8ae724886e6a464dcbac562a64c6"
        },
        {
          "url": "https://git.kernel.org/stable/c/757171d1369b3b47f36932d40a05a0715496dcab"
        },
        {
          "url": "https://git.kernel.org/stable/c/93992c3d9629b02dccf6849238559d5c24f2dece"
        },
        {
          "url": "https://git.kernel.org/stable/c/3ed51857a50f530ac7a1482e069dfbd1298558d4"
        }
      ],
      "title": "btrfs: add a sanity check for btrfs root in btrfs_search_slot()",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56774",
    "datePublished": "2025-01-08T17:49:13.121Z",
    "dateReserved": "2024-12-29T11:26:39.766Z",
    "dateUpdated": "2025-01-08T17:49:13.121Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-56774\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-01-08T18:15:18.213\",\"lastModified\":\"2025-01-09T21:00:24.247\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbtrfs: add a sanity check for btrfs root in btrfs_search_slot()\\n\\nSyzbot reports a null-ptr-deref in btrfs_search_slot().\\n\\nThe reproducer is using rescue=ibadroots, and the extent tree root is\\ncorrupted thus the extent tree is NULL.\\n\\nWhen scrub tries to search the extent tree to gather the needed extent\\ninfo, btrfs_search_slot() doesn\u0027t check if the target root is NULL or\\nnot, resulting the null-ptr-deref.\\n\\nAdd sanity check for btrfs root before using it in btrfs_search_slot().\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: a\u00f1adir una comprobaci\u00f3n de cordura para la ra\u00edz de btrfs en btrfs_search_slot() Syzbot informa de un null-ptr-deref en btrfs_search_slot(). El reproductor est\u00e1 usando rescue=ibadroots, y la ra\u00edz del \u00e1rbol de extensiones est\u00e1 da\u00f1ada, por lo que el \u00e1rbol de extensiones es NULL. Cuando scrub intenta buscar en el \u00e1rbol de extensiones para reunir la informaci\u00f3n de extensi\u00f3n necesaria, btrfs_search_slot() no comprueba si la ra\u00edz de destino es NULL o no, lo que da como resultado el null-ptr-deref. A\u00f1adir una comprobaci\u00f3n de cordura para la ra\u00edz de btrfs antes de usarlo en btrfs_search_slot().\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.174\",\"matchCriteriaId\":\"419FD073-1517-4FD5-8158-F94BC68A1E89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.120\",\"matchCriteriaId\":\"09AC6122-E2A4-40FE-9D33-268A1B2EC265\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.64\",\"matchCriteriaId\":\"CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.4\",\"matchCriteriaId\":\"04756810-D093-4B43-B1D9-CF5035968061\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"62567B3C-6CEE-46D0-BC2E-B3717FBF7D13\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3ed51857a50f530ac7a1482e069dfbd1298558d4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/757171d1369b3b47f36932d40a05a0715496dcab\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/93992c3d9629b02dccf6849238559d5c24f2dece\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c71d114ef68c95da5a82ec85a721ab31f5bd905b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/db66fb87c21e8ae724886e6a464dcbac562a64c6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.