Login Sign Up

CVE-2024-46734

4.7 MEDIUM
Denial of Service

📋 TL;DR

A race condition in the Linux kernel's Btrfs filesystem allows concurrent direct I/O writes and fsync operations using the same file descriptor to cause assertion failures or invalid memory access. This affects Linux systems using Btrfs with multi-threaded applications performing these operations simultaneously.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific Btrfs-enabled kernel versions before fixes; check kernel commit history for exact ranges.
Operating Systems: Linux distributions using Btrfs filesystem
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using Btrfs filesystem with applications performing concurrent direct I/O writes and fsync operations on same file descriptor.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic or system crash due to assertion failure or invalid memory access, leading to denial of service.

🟠

Likely Case

System instability or crash when multi-threaded applications perform concurrent direct I/O writes and fsync operations on Btrfs filesystems.

🟢

If Mitigated

No impact if applications avoid concurrent direct I/O writes and fsync operations on the same file descriptor.

🌐 Internet-Facing: LOW - Requires local access and specific application behavior.
🏢 Internal Only: MEDIUM - Could affect servers running multi-threaded applications on Btrfs filesystems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires specific multi-threaded application behavior and timing.

Exploitation requires local access and specific application patterns; not easily weaponized for remote attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 01681aa609b5f110502f56c4e3b2938efcf4a5bc, 7b5595f33c3c273613b590892a578d78186bb400, cd3087582e4fa36e89be4e6f859e75a4400292b4, cd9253c23aedd61eb5ff11f37a36247cd46faf86, d116a0b0e02f395cedfb8c725bd67480aa7c428c

Vendor Advisory: https://git.kernel.org/stable/c/01681aa609b5f110502f56c4e3b2938efcf4a5bc

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. Reboot system to load new kernel.

🔧 Temporary Workarounds

Avoid concurrent direct I/O and fsync operations

linux

Modify applications to avoid performing direct I/O writes and fsync operations concurrently on the same file descriptor.

Use alternative filesystem

linux

Use ext4, XFS, or other filesystems instead of Btrfs for affected applications.

🧯 If You Can't Patch

  • Monitor system logs for kernel panic or assertion failure messages related to Btrfs.
  • Restrict applications from performing concurrent direct I/O writes and fsync operations on Btrfs filesystems.

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if Btrfs is in use: uname -r and cat /proc/filesystems | grep btrfs

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits: git log --oneline | grep -E '01681aa609b5|7b5595f33c3c|cd3087582e4f|cd9253c23aed|d116a0b0e02f'

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages mentioning Btrfs assertion failures
  • System crash logs with stack traces pointing to btrfs_get_ordered_extents_for_logging

SIEM Query:

source="kernel" AND ("btrfs" AND "assertion failed" OR "Oops: invalid opcode")

📊 Metadata

CVE ID: CVE-2024-46734
CVSS v3 Score: 4.7 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-362
Published: September 18, 2024
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-46734, you might also want to check these:

CVE-2025-43275 9.8

A race condition vulnerability in macOS allows malicious applications to escape their sandbox restri...

Same vulnerability type (CWE-362)
CVE-2021-32810 9.8

A race condition in crossbeam-deque Rust library versions before 0.7.4 and 0.8.0 allows tasks in wor...

Same vulnerability type (CWE-362)
CVE-2025-30444 9.8

A race condition vulnerability in macOS SMB client allows attackers to cause system termination (ker...

Same vulnerability type (CWE-362)