CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-56774: btrfs: add a sanity check for btrfs root in btrfs_search_slot()

Description

In the Linux kernel, the following vulnerability has been resolved:

btrfs: add a sanity check for btrfs root in btrfs_search_slot()

Syzbot reports a null-ptr-deref in btrfs_search_slot().

The reproducer is using rescue=ibadroots, and the extent tree root is
corrupted thus the extent tree is NULL.

When scrub tries to search the extent tree to gather the needed extent
info, btrfs_search_slot() doesn't check if the target root is NULL or
not, resulting the null-ptr-deref.

Add sanity check for btrfs root before using it in btrfs_search_slot().

Classification

CVE ID: CVE-2024-56774

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 5.07% (scored less or equal to compared to others)

EPSS Date: 2025-02-06 (when was this score calculated)

References

https://git.kernel.org/stable/c/c71d114ef68c95da5a82ec85a721ab31f5bd905b
https://git.kernel.org/stable/c/db66fb87c21e8ae724886e6a464dcbac562a64c6
https://git.kernel.org/stable/c/757171d1369b3b47f36932d40a05a0715496dcab
https://git.kernel.org/stable/c/93992c3d9629b02dccf6849238559d5c24f2dece
https://git.kernel.org/stable/c/3ed51857a50f530ac7a1482e069dfbd1298558d4

Timeline

2025-01-09 00:30:27 UTC
CVE

btrfs: add a sanity check for btrfs root in btrfs_search_slot()