CVE-2024-35849
📋 TL;DR
This vulnerability in the Linux kernel's btrfs filesystem allows uninitialized kernel memory to be leaked to user-space via the btrfs_ioctl_logical_to_ino() function. Attackers can exploit this to read sensitive kernel memory contents. Any system running an affected Linux kernel with btrfs filesystem support is potentially vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel memory disclosure could reveal sensitive information like encryption keys, passwords, or other privileged data stored in kernel memory, potentially enabling further attacks.
Likely Case
Information leak exposing kernel memory contents, which could aid attackers in bypassing security mechanisms or preparing more sophisticated attacks.
If Mitigated
Limited impact if proper access controls restrict btrfs ioctl usage to privileged users only.
🎯 Exploit Status
Discovered by Syzbot fuzzer. Exploitation requires local access and ability to call the affected ioctl.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with fixes: 2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf and others
Vendor Advisory: https://git.kernel.org/stable/c/2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Restrict btrfs ioctl access
linuxLimit access to btrfs ioctl functions using SELinux/AppArmor policies or capability restrictions
🧯 If You Can't Patch
- Restrict user access to btrfs filesystems and ioctl operations
- Implement strict access controls and monitor for suspicious btrfs ioctl usage
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if btrfs module is loaded: lsmod | grep btrfsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is updated to include the fix commit: uname -r and check kernel changelog📡 Detection & Monitoring
Log Indicators:
- Unusual btrfs ioctl calls in system logs
- Failed permission attempts to btrfs functions
Network Indicators:
- Not applicable - local vulnerability
SIEM Query:
Search for btrfs_ioctl_logical_to_ino calls or unusual btrfs operations in system logs🔗 References
- https://git.kernel.org/stable/c/2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf
- https://git.kernel.org/stable/c/30189e54ba80e3209d34cfeea87b848f6ae025e6
- https://git.kernel.org/stable/c/3a63cee1a5e14a3e52c19142c61dd5fcb524f6dc
- https://git.kernel.org/stable/c/689efe22e9b5b7d9d523119a9a5c3c17107a0772
- https://git.kernel.org/stable/c/73db209dcd4ae026021234d40cfcb2fb5b564b86
- https://git.kernel.org/stable/c/8bdbcfaf3eac42f98e5486b3d7e130fa287811f6
- https://git.kernel.org/stable/c/e58047553a4e859dafc8d1d901e1de77c9dd922d
- https://git.kernel.org/stable/c/fddc19631c51d9c17d43e9f822a7bc403af88d54
- https://git.kernel.org/stable/c/2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf
- https://git.kernel.org/stable/c/30189e54ba80e3209d34cfeea87b848f6ae025e6
- https://git.kernel.org/stable/c/3a63cee1a5e14a3e52c19142c61dd5fcb524f6dc
- https://git.kernel.org/stable/c/689efe22e9b5b7d9d523119a9a5c3c17107a0772
- https://git.kernel.org/stable/c/73db209dcd4ae026021234d40cfcb2fb5b564b86
- https://git.kernel.org/stable/c/8bdbcfaf3eac42f98e5486b3d7e130fa287811f6
- https://git.kernel.org/stable/c/e58047553a4e859dafc8d1d901e1de77c9dd922d
- https://git.kernel.org/stable/c/fddc19631c51d9c17d43e9f822a7bc403af88d54
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
