Login Sign Up

CVE-2024-26616

7.8 HIGH
Denial of Service

📋 TL;DR

This vulnerability in the Linux kernel's btrfs filesystem scrub functionality allows use-after-free conditions when scrubbing filesystems converted from ext4 with chunk lengths not aligned to 64K. It can lead to kernel crashes, data corruption, and system instability. Systems using btrfs filesystems, particularly those converted from ext4, are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects btrfs filesystems, particularly those converted from ext4 with chunk lengths not 64K aligned. Requires btrfs scrub operation to be triggered.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, potential data corruption, and denial of service.

🟠

Likely Case

System instability, kernel crashes during btrfs scrub operations, and potential data loss on affected filesystems.

🟢

If Mitigated

No impact if btrfs scrub is disabled or filesystem is not converted from ext4.

🌐 Internet-Facing: LOW - Requires local filesystem access and btrfs scrub operation.
🏢 Internal Only: MEDIUM - Can be triggered by authorized users or automated maintenance tasks running btrfs scrub.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger btrfs scrub operation. Not directly remote exploitable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 34de0f04684ec00c093a0455648be055f0e8e24f and 642b9c520ef2f104277ad1f902f8526edbe087fb

Vendor Advisory: https://git.kernel.org/stable/c/34de0f04684ec00c093a0455648be055f0e8e24f

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable btrfs scrub

linux

Temporarily disable btrfs scrub operations to prevent triggering the vulnerability

# Disable automatic scrub in /etc/fstab by removing 'autodefrag' mount option
# Avoid running 'btrfs scrub' commands manually

Avoid ext4-converted btrfs filesystems

linux

Use native btrfs filesystems instead of converted ones

# Check if filesystem was converted: btrfs filesystem show
# Consider migrating data to native btrfs if converted

🧯 If You Can't Patch

  • Disable btrfs scrub operations entirely
  • Monitor system logs for 'unable to find chunk map' errors and investigate affected filesystems

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if using btrfs filesystems converted from ext4. Look for 'unable to find chunk map' errors in dmesg during scrub operations.

Check Version:

uname -r

Verify Fix Applied:

Check kernel version includes fix commits. Test btrfs scrub on affected filesystem and verify no 'unable to find chunk map' errors appear.

📡 Detection & Monitoring

Log Indicators:

  • BTRFS critical: unable to find chunk map
  • KASAN: slab-use-after-free reports
  • System crashes during btrfs scrub operations

Network Indicators:

  • None - local filesystem vulnerability

SIEM Query:

source="kernel" AND ("unable to find chunk map" OR "KASAN: slab-use-after-free" OR "btrfs scrub" AND error)

📊 Metadata

CVE ID: CVE-2024-26616
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: March 11, 2024
Last Updated: December 12, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-26616, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)