CVE-2024-46753

btrfs: handle errors from btrfs_dec_ref() properly

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: btrfs: handle errors from btrfs_dec_ref() properly In walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is
incorrect, we have proper error handling here, return the error.

In the Linux kernel, the following vulnerability has been resolved: btrfs: handle errors from btrfs_dec_ref() properly In walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is incorrect, we have proper error handling here, return the error.

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-09-11 CVE Reserved
2024-09-18 CVE Published
2025-05-04 CVE Updated
2025-06-27 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/0e4840ae09f375381167000ce47424818fcbcc7c	2025-04-10
https://git.kernel.org/stable/c/2c4fe45351e544da4b8f10c74b277117a4fa7869	2025-04-10
https://git.kernel.org/stable/c/9c8237021b53d52357c0de07a768582fafb2791d	2025-04-10
https://git.kernel.org/stable/c/67e4ca7ddc67ef949326b4dc404a9678bbe67d72	2025-04-10
https://git.kernel.org/stable/c/a7f16a7a709845855cb5a0e080a52bda5873f9de	2024-09-12
https://git.kernel.org/stable/c/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1	2024-07-11

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.236 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.236"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.180 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.180"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.134 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.134"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.87 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.87"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.10.10 Search vendor "Linux" for product "Linux Kernel" and version " < 6.10.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.11 Search vendor "Linux" for product "Linux Kernel" and version " < 6.11"		en		Affected