CVE-2024-50118
📋 TL;DR
This Linux kernel vulnerability in the Btrfs filesystem allows a local attacker to trigger a kernel crash (denial of service) by mounting a Btrfs filesystem with specific read-only options and then remounting a subvolume as read-write. It affects systems using Btrfs filesystems with certain mount options.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data corruption or system instability.
Likely Case
Local denial of service through kernel crash when mounting operations are performed with specific Btrfs options.
If Mitigated
No impact if proper kernel patches are applied or if Btrfs isn't used with vulnerable configurations.
🎯 Exploit Status
Requires local access and specific Btrfs mount operations. Discovered through syzbot fuzzing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 23724398b55d9570f6ae79dd2ea026fff8896bf1 and 3c36a72c1d27de6618c1c480c793d9924640f5bb
Vendor Advisory: https://git.kernel.org/stable/c/23724398b55d9570f6ae79dd2ea026fff8896bf1
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel.
🔧 Temporary Workarounds
Avoid vulnerable mount sequences
linuxDo not mount Btrfs filesystems with 'ro,rescue=all,clear_cache,space_cache=v1' options followed by rw subvolume mounting.
🧯 If You Can't Patch
- Avoid using Btrfs filesystem with rescue=all and space_cache=v1 options
- Restrict local user access to mount operations
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if Btrfs is in use with vulnerable mount patternsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commits or is newer than patched version📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- Btrfs mount operation failures
- System crash/reboot events
SIEM Query:
Search for kernel panic events or Btrfs mount errors in system logs