CVE-2022-48833
CBL Mariner vulnerability analysis and mitigation

Overview

In the Linux kernel, a vulnerability (CVE-2022-48833) was discovered related to the btrfs filesystem. The issue involves not cleaning up space reservations of log tree extent buffers after a transaction abort occurs, as well as not cleaning up still dirty extent buffers (Kernel Git). This vulnerability was disclosed in July 2024.

Technical details

The problem starts when writeback of a log tree extent buffer fails: the EXTENT_BUFFER_UPTODATE bit is cleared and the EXTENT_BUFFER_WRITE_ERR bit is set on that extent buffer. When the log tree is later freed with free_log_tree(), which iterates over the whole tree, reading that node or leaf fails with -EIO, because read_extent_buffer_pages() returns -EIO for an extent buffer that does not have EXTENT_BUFFER_UPTODATE set and has EXTENT_BUFFER_WRITE_ERR set. free_log_tree() then returns immediately instead of iterating over the rest of the tree, so the reserved space of the extent buffers it never reached is never updated in the respective block group and space_info object (Kernel Git).

Impact

When this vulnerability is triggered, it results in warning messages during filesystem unmount and potential memory leaks due to improper cleanup of reserved space and dirty extent buffers. The issue particularly affects the filesystem's space accounting mechanisms and can lead to resource management inconsistencies (Kernel Git).

Mitigation and workarounds

The issue has been fixed by implementing the following changes: 1) Setting up a flag to indicate log tree cleanup failure, 2) Triggering writeback of all dirty log tree extent buffers and waiting for completion, and 3) Ignoring non-zero reserved bytes counters on unmount for metadata block groups and space_info objects when log tree cleanup fails (Kernel Git).
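To make the accounting failure and the shape of the fix concrete, here is a small C model of the walk described above and of the three mitigation steps. It is an added illustration, not btrfs or kernel code: the flag and function names (EXTENT_BUFFER_UPTODATE, EXTENT_BUFFER_WRITE_ERR, free_log_tree, read_extent_buffer_pages) are taken from the report, but the extent_buffer and space_info structs, the 16 KiB block size, the single reserved counter, the flush_dirty() helper and the scenario() driver are constructed for the example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model of the accounting problem in CVE-2022-48833. Added illustration,
 * not btrfs code: flag names follow the kernel's, but the structures, the
 * block size and the single reserved counter are constructed. */

#define EXTENT_BUFFER_UPTODATE  (1u << 0)
#define EXTENT_BUFFER_WRITE_ERR (1u << 1)
#define EXTENT_BUFFER_DIRTY     (1u << 2)

#define MAX_EBS 8
#define EB_SIZE 16384L          /* constructed metadata block size */

struct extent_buffer {
    unsigned flags;
    long len;
};

/* Stand-in for the block group / space_info reserved-bytes accounting. */
struct space_info {
    long bytes_reserved;
    bool log_cleanup_failed;    /* flag the fix introduces (step 1), modelled */
};

/* Same rule the report gives for read_extent_buffer_pages(): a buffer that is
 * not UPTODATE and carries WRITE_ERR cannot be read, so the walk gets -EIO. */
static int read_eb(const struct extent_buffer *eb)
{
    if (!(eb->flags & EXTENT_BUFFER_UPTODATE) && (eb->flags & EXTENT_BUFFER_WRITE_ERR))
        return -EIO;
    return 0;
}

/* What a failed writeback does to one buffer's flags. */
static void writeback_fail(struct extent_buffer *eb)
{
    eb->flags &= ~EXTENT_BUFFER_UPTODATE;
    eb->flags |= EXTENT_BUFFER_WRITE_ERR;
}

/* Model of free_log_tree(): release each buffer's reservation in order, but
 * return at the first read error, so buffers after it keep their reservation. */
static int free_log_tree(struct extent_buffer *ebs, size_t n, struct space_info *si)
{
    for (size_t i = 0; i < n; i++) {
        int ret = read_eb(&ebs[i]);
        if (ret)
            return ret;
        si->bytes_reserved -= ebs[i].len;
        ebs[i].flags &= ~EXTENT_BUFFER_DIRTY;
    }
    return 0;
}

/* Fix step 2, modelled: write back and wait for every still-dirty buffer. */
static void flush_dirty(struct extent_buffer *ebs, size_t n)
{
    for (size_t i = 0; i < n; i++)
        ebs[i].flags &= ~EXTENT_BUFFER_DIRTY;
}

struct outcome {
    long leftover_reserved;  /* bytes never returned to the counter */
    int dirty_left;          /* buffers still dirty at unmount */
    bool unmount_warns;      /* would the unmount path complain? */
};

/* Run n reserved buffers through the scenario; buffer `bad` fails writeback
 * (bad >= n means no failure). `fixed` applies the three mitigation steps. */
struct outcome scenario(size_t n, size_t bad, bool fixed)
{
    struct extent_buffer ebs[MAX_EBS] = {{0}};
    struct space_info si = {0, false};
    struct outcome out = {0, 0, false};

    if (n > MAX_EBS)
        n = MAX_EBS;
    for (size_t i = 0; i < n; i++) {
        ebs[i].flags = EXTENT_BUFFER_UPTODATE | EXTENT_BUFFER_DIRTY;
        ebs[i].len = EB_SIZE;
        si.bytes_reserved += EB_SIZE;
    }
    if (bad < n)
        writeback_fail(&ebs[bad]);

    if (free_log_tree(ebs, n, &si) && fixed) {
        si.log_cleanup_failed = true;   /* step 1: record the failure */
        flush_dirty(ebs, n);            /* step 2: write back dirty buffers */
    }
    for (size_t i = 0; i < n; i++)
        if (ebs[i].flags & EXTENT_BUFFER_DIRTY)
            out.dirty_left++;

    out.leftover_reserved = si.bytes_reserved;
    /* Step 3: a non-zero counter at unmount is only worth a warning when log
     * tree cleanup did not already fail. */
    out.unmount_warns = si.bytes_reserved != 0 && !(fixed && si.log_cleanup_failed);
    return out;
}

int main(void)
{
    struct outcome buggy = scenario(4, 2, false);
    struct outcome fixed = scenario(4, 2, true);
    printf("unfixed: leftover=%ld dirty=%d warns=%d\n",
           buggy.leftover_reserved, buggy.dirty_left, (int)buggy.unmount_warns);
    printf("fixed:   leftover=%ld dirty=%d warns=%d\n",
           fixed.leftover_reserved, fixed.dirty_left, (int)fixed.unmount_warns);
    return 0;
}
```

Run as written, the unfixed scenario leaves the reservation of the failed buffer and of every buffer after it on the counter (two buffers, 32768 bytes in the model), leaves those buffers dirty, and would warn at unmount. The fixed scenario carries the same leftover bytes, which is why step 3 ignores the counter on unmount rather than trying to reclaim it, but has no dirty buffers left and stays quiet; with no writeback failure at all, both variants release everything.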

Source: Kernel Git

This report was generated using AI.

Related CBL Mariner vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2025-66031 | HIGH | 8.7 | JavaScript | kibana-8.18 | No | Yes | Nov 26, 2025 |
| CVE-2025-12638 | HIGH | 8 | CBL Mariner | keras | No | Yes | Nov 28, 2025 |
| CVE-2025-13601 | HIGH | 7.7 | CBL Mariner | glib2-devel | No | Yes | Nov 26, 2025 |
| CVE-2025-66293 | HIGH | 7.1 | OpenJDK JDK | java-25-openjdk | No | Yes | Dec 03, 2025 |
| CVE-2025-66030 | MEDIUM | 6.3 | JavaScript | kubeflow-pipelines | No | Yes | Nov 26, 2025 |
