CVE-2024-23850: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-23850 affects the Linux kernel through version 6.7.1, specifically in the btrfs_get_root_ref function within fs/btrfs/disk-io.c. The vulnerability was discovered by Chenyuan Yang and involves an assertion failure and crash that occurs when a subvolume can be read out too soon after its root item is inserted during subvolume creation (NVD, Ubuntu).

The vulnerability occurs in the btrfs filesystem's subvolume creation process. During create_subvol(), after inserting a root item for the newly created subvolume, btrfs_get_new_fs_root() is called to get the btrfs_root of that subvolume. While the system preallocates an anonymous device number for the subvolume, there is nothing preventing operations like backref walk from reading the new subvolume before btrfs_get_new_fs_root() is called. This premature access can trigger an assertion failure (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a denial of service (system crash) when a local attacker triggers the assertion failure during subvolume creation operations in the btrfs filesystem (Ubuntu).

The issue has been fixed by removing the problematic ASSERT() check and implementing proper handling of preallocated anonymous device numbers. Various Linux distributions have released patches, including Ubuntu for versions 23.10 (mantic) and 22.04 LTS (jammy), and Fedora 39 with kernel version 6.7.6-200.fc39 (Ubuntu, Fedora Update).