CVE-2024-46752: btrfs: replace BUG_ON() with error handling at update_ref_for_cow()

Description

In the Linux kernel, the following vulnerability has been resolved:

btrfs: replace BUG_ON() with error handling at update_ref_for_cow()

Instead of a BUG_ON() just return an error, log an error message and
abort the transaction in case we find an extent buffer belonging to the
relocation tree that doesn't have the full backref flag set. This is
unexpected and should never happen (save for bugs or a potential bad
memory).

Classification

CVE ID: CVE-2024-46752

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.1% (probability of being exploited)

EPSS Percentile: 28.88% (scored less or equal to compared to others)

EPSS Date: 2025-05-07 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-46752
https://git.kernel.org/stable/c/b50857b96429a09fd3beed9f7f21b7bb7c433688
https://git.kernel.org/stable/c/0fbac73a97286a7ec72229cb9b42d760a2c717ac
https://git.kernel.org/stable/c/41a0f85e268d72fe04f731b8ceea4748c2d65491
https://git.kernel.org/stable/c/f895db00c65e5d77c437cce946da9ec29dcdf563
https://git.kernel.org/stable/c/b56329a782314fde5b61058e2a25097af7ccb675

Timeline

2025-05-04 10:40:18 UTC
CVE

btrfs: replace BUG_ON() with error handling at update_ref_for_cow()