CVE-2024-50217

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's btrfs filesystem allows an attacker to potentially crash the system or execute arbitrary code. This affects systems using btrfs filesystems with multiple device images sharing the same filesystem ID but different device UUIDs. Attackers with local access can trigger this vulnerability through specific mounting sequences.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE, but patches available for stable kernel branches.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only affects systems using btrfs with multiple device images that share the same fsid but have different dev_uuids, and requires a specific mounting sequence.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to denial of service, or potential privilege escalation to kernel-level code execution.

🟠

Likely Case

System crash or kernel panic causing denial of service.

🟢

If Mitigated

No impact if patched or if btrfs multi-device configurations are not used.

🌐 Internet-Facing: LOW - Requires local access to mount filesystems.
🏢 Internal Only: MEDIUM - Local users or processes with mount privileges can exploit this.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires specific mounting sequence of btrfs devices and local access with mount privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel branches via commits 47a83f8df39545f3f552bb6a1b6d9c30e37621dd and aec8e6bf839101784f3ef037dcdb9432c3f32343

Vendor Advisory: http://www.openwall.com/lists/oss-security/2025/04/10/4

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix.
2. Check with your distribution for the specific kernel update.
3. Reboot the system after the kernel update.

🔧 Temporary Workarounds

Avoid problematic btrfs mounting sequences

linux

Avoid mounting btrfs filesystems from multiple images with same fsid but different dev_uuids in the specific sequence described in the vulnerability.

Disable btrfs multi-device support

linux

If not needed, avoid using btrfs with multiple device configurations.

🧯 If You Can't Patch

  • Restrict mount privileges to trusted users only
  • Monitor for unusual btrfs mounting patterns or system crashes

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether btrfs is in use with a multi-device configuration. Vulnerable if running an unpatched kernel with btrfs.

Check Version:

uname -r

Verify Fix Applied:

Confirm that the running kernel version includes the fix commits; check with 'uname -r' after updating and rebooting.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • btrfs mount errors
  • system crashes during filesystem operations

SIEM Query:

Search for kernel panic events or btrfs-related errors in system logs
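The following POSIX shell helpers are an added example, not part of the advisory or of the kernel project, covering both the "How to Verify" and "Detection & Monitoring" sections above: one parses `btrfs filesystem show` output to list filesystems built from more than one device (the advisory's precondition), one filters kernel log lines for the indicators listed above, and one screens `uname -r` against a fixed version that the caller supplies. The `btrfs filesystem show` sample, the log lines and the `FIX_VERSION` threshold are constructed placeholders; the page states no fixed kernel version, so take that value from your distribution's advisory.

```shell
#!/bin/sh
# Added triage helpers for CVE-2024-50217 (example code, not part of the advisory).
# Assumptions: `btrfs filesystem show` prints the "Label:/Total devices/devid" layout
# used in the sample below (btrfs-progs' format); the log lines and the fixed-version
# threshold are constructed placeholders, not values taken from the advisory.

# Constructed sample of `btrfs filesystem show` output: one single-device filesystem
# and one two-device filesystem. Only the latter matches the advisory's precondition.
SAMPLE_FS_SHOW="Label: none  uuid: 11111111-2222-3333-4444-555555555555
    Total devices 1 FS bytes used 1.00GiB
    devid    1 size 10.00GiB used 2.00GiB path /dev/sdb

Label: none  uuid: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
    Total devices 2 FS bytes used 5.00GiB
    devid    1 size 20.00GiB used 3.00GiB path /dev/sdc
    devid    2 size 20.00GiB used 3.00GiB path /dev/sdd
"

# Constructed sample kernel log lines (the prefixes mirror real BTRFS and panic
# messages, but the content is invented for this example).
SAMPLE_LOG="[  120.001234] BTRFS info (device sdb): using crc32c (crc32c-generic) checksum algorithm
[  120.002345] BTRFS info (device sdb): disk space caching is enabled
[  180.500000] BTRFS error (device sdc): devid 2 uuid aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee is missing
[  181.000000] BTRFS: open_ctree failed
[  300.000000] Kernel panic - not syncing: Fatal exception
"

# Read `btrfs filesystem show` output on stdin and print "<uuid> devices=<n>" for each
# filesystem made of more than one device (the only configuration the advisory says
# is affected). Single-device filesystems are skipped.
multi_device_fs() {
    awk '
        /^Label:/ { for (i = 1; i <= NF; i++) if ($i == "uuid:") uuid = $(i + 1) }
        /Total devices/ { if ($3 + 0 > 1) print uuid, "devices=" $3 }
    '
}

# Print the log lines the advisory lists as indicators: btrfs errors and warnings,
# failed mounts (open_ctree) and kernel panics. Informational BTRFS lines are dropped.
scan_btrfs_log() {
    grep -E 'BTRFS (error|warning)|BTRFS: open_ctree failed|Kernel panic'
}

# Compare a kernel release string (as printed by `uname -r`) with a fixed version
# supplied by the caller; prints "older" or "fixed-or-newer". Only the first three
# numeric components are compared. Distributions backport fixes without bumping the
# upstream version, so this is a first screen, not proof of exposure.
kernel_older_than() {
    awk -v have="$1" -v want="$2" 'BEGIN {
        split(have, h, /[.-]/); split(want, w, /[.-]/)
        for (i = 1; i <= 3; i++) {
            if (h[i] + 0 < w[i] + 0) { print "older"; exit }
            if (h[i] + 0 > w[i] + 0) { print "fixed-or-newer"; exit }
        }
        print "fixed-or-newer"
    }'
}

# Stand-alone run over the constructed samples. On a real host, feed the output of
# `btrfs filesystem show` and `dmesg` (or `journalctl -k`) into the two filters instead.
echo "== multi-device btrfs filesystems =="
printf '%s' "$SAMPLE_FS_SHOW" | multi_device_fs
echo "== log indicators =="
printf '%s' "$SAMPLE_LOG" | scan_btrfs_log
echo "== kernel version screen =="
if [ -n "${FIX_VERSION:-}" ]; then
    # FIX_VERSION is a placeholder: set it to the fixed version from your distribution's advisory.
    echo "$(uname -r): $(kernel_older_than "$(uname -r)" "$FIX_VERSION")"
else
    echo "set FIX_VERSION=<fixed kernel version from your distribution advisory> to screen uname -r"
fi
```

Run it as `FIX_VERSION=<version from your distro advisory> sh triage.sh` on the host in question; a filesystem reported by `multi_device_fs` on an "older" kernel is the combination the advisory describes, and any hit from `scan_btrfs_log` around a mount is worth correlating with the crash indicators listed above.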
