CVE-2024-58089
📋 TL;DR
A race condition in the Linux kernel's Btrfs filesystem can cause double accounting of ordered extents when btrfs_run_delalloc_range() fails, leading to kernel panic and system crashes. This affects Linux systems using Btrfs with block sizes smaller than page sizes (common on aarch64 with 4K blocks and 64K pages).
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to complete system crash and denial of service, potentially causing data corruption or loss in Btrfs filesystems.
Likely Case
System crash and denial of service when specific Btrfs operations fail under certain filesystem configurations.
If Mitigated
No impact if patched or not using vulnerable Btrfs configurations.
🎯 Exploit Status
Requires specific Btrfs configuration and filesystem operations to trigger the race condition.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check kernel git commits: 0283ee1912c8e243c931f4ee5b3672e954fe0384, 21333148b5c9e52f41fafcedec3810b56a5e0e40, 72dad8e377afa50435940adfb697e070d3556670
Vendor Advisory: https://git.kernel.org/stable/c/0283ee1912c8e243c931f4ee5b3672e954fe0384
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Avoid vulnerable Btrfs configuration
Do not use Btrfs with block size smaller than page size (e.g., avoid 4K blocks with 64K pages)
Use alternative filesystem
Use ext4, xfs, or other filesystems instead of Btrfs on affected systems
🧯 If You Can't Patch
- Monitor system logs for Btrfs errors and kernel warnings
- Avoid heavy Btrfs operations on systems with block size < page size configurations
🔍 How to Verify
Check if Vulnerable:
Check if using Btrfs with block size smaller than page size: 'btrfs filesystem show' and 'getconf PAGE_SIZE'
Check Version:
uname -r
Verify Fix Applied:
Check kernel version contains fix commits: 'uname -r' and verify against patched versions
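One way to script the "Check if Vulnerable" step across all mounted Btrfs filesystems, as an added example that is not part of the original advisory or the kernel project. It assumes the running kernel exposes each filesystem's block size at /sys/fs/btrfs/<fsid>/sectorsize; the function name `subpage_btrfs` and the `--live` switch are hypothetical.

```shell
#!/bin/sh
# Added example: list mounted Btrfs filesystems whose block (sector) size is
# smaller than the CPU page size, the configuration this advisory names.
# Assumption: the kernel exposes /sys/fs/btrfs/<fsid>/sectorsize.

# subpage_btrfs SYSFS_ROOT PAGE_SIZE
# Prints "<fsid> sectorsize=<n> page_size=<n>" for each affected filesystem.
# Returns 0 if at least one was found, 1 if none, 2 on bad input.
subpage_btrfs() {
    root=$1
    page=$2
    found=1
    case $page in
        ''|*[!0-9]*) echo "invalid page size: $page" >&2; return 2 ;;
    esac
    for f in "$root"/*/sectorsize; do
        [ -r "$f" ] || continue          # glob did not match, or unreadable
        sector=$(cat "$f")
        case $sector in
            ''|*[!0-9]*) continue ;;     # skip malformed values
        esac
        if [ "$sector" -lt "$page" ]; then
            fsid=$(basename "$(dirname "$f")")
            echo "$fsid sectorsize=$sector page_size=$page"
            found=0
        fi
    done
    return $found
}

# Query the live system only when invoked with "--live".
if [ "${1:-}" = "--live" ]; then
    subpage_btrfs /sys/fs/btrfs "$(getconf PAGE_SIZE)"
fi
```

A filesystem listed here matches the block size < page size condition only; whether the running kernel already carries the fix still has to be checked against the commits listed under Official Fix.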
📡 Detection & Monitoring
Log Indicators:
- BTRFS critical: bad ordered extent accounting
- WARNING: CPU: ... at ordered-data.c:360
- Kernel panic messages related to Btrfs
SIEM Query:
source="kernel" AND ("BTRFS critical" OR "bad ordered extent accounting" OR "can_finish_ordered_extent")