CVE-2024-35936
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() The unhandled case in btrfs_relocate_sys_chunks() loop is a corruption,
as it could be caused only by two impossible conditions: - at first the search key is set up to look for a chunk tree item, with offset -1, this is an inexact search and the key->offset will contain the correct offset upon a successful search, a valid chunk tree item cannot have an offset -1 - after first successful search, the found_key corresponds to a chunk item, the offset is decremented by 1 before the next loop, it's impossible to find a chunk item there due to alignment and size constraints
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: maneja el error de búsqueda del árbol de fragmentos en btrfs_relocate_sys_chunks() El caso no controlado en el bucle btrfs_relocate_sys_chunks() es una corrupción, ya que solo podría ser causado por dos condiciones imposibles: - al principio el La clave de búsqueda está configurada para buscar un elemento del árbol de fragmentos, con desplazamiento -1, esta es una búsqueda inexacta y la clave->desplazamiento contendrá el desplazamiento correcto tras una búsqueda exitosa, un elemento de árbol de fragmentos válido no puede tener un desplazamiento -1 - después de la primera búsqueda exitosa, found_key corresponde a un elemento fragmentado, el desplazamiento se reduce en 1 antes del siguiente ciclo, es imposible encontrar un elemento fragmentado allí debido a restricciones de alineación y tamaño
In the Linux kernel, the following vulnerability has been resolved: btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() The unhandled case in btrfs_relocate_sys_chunks() loop is a corruption, as it could be caused only by two impossible conditions: - at first the search key is set up to look for a chunk tree item, with offset -1, this is an inexact search and the key->offset will contain the correct offset upon a successful search, a valid chunk tree item cannot have an offset -1 - after first successful search, the found_key corresponds to a chunk item, the offset is decremented by 1 before the next loop, it's impossible to find a chunk item there due to alignment and size constraints
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-17 CVE Reserved
- 2024-05-19 CVE Published
- 2024-12-19 CVE Updated
- 2025-03-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html |
|
|
| https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 4.19.312 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.312" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.4.274 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.274" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.10.215 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.215" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.15.155 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.155" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 6.1.86 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.86" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 6.6.27 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.27" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 6.8.6 Search vendor "Linux" for product "Linux Kernel" and version " < 6.8.6" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " < 6.9" | en |
Affected
| ||||||