CVE-2024-40962: 
Linux Kernel vulnerability analysis and mitigation

A NULL pointer dereference vulnerability was discovered in the Linux kernel's BTRFS filesystem when handling zoned NODATASUM writes. The vulnerability (CVE-2024-40962) affects Linux kernel versions from 6.5 up to 6.6.36, versions from 6.7 up to 6.9.7, and Linux kernel 6.10 release candidates (rc1 through rc4). The issue was discovered when running fstests' test-case btrfs/167 on emulated zoned devices (Kernel Git).

The vulnerability occurs in the 'btrfszonefinishendio()' function when handling NOCOW (No Copy On Write) writes on zoned devices. The issue manifests as a NULL pointer dereference in the range [0x0000000000000088-0x000000000000008f] due to missing checksums list on the orderedextent. The problem arises because dummy checksums are only attached during zone-append writes, but not during NOCOW zoned data writes on conventional zones. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability can cause a denial of service condition through a system crash. The issue specifically affects systems using the BTRFS filesystem with zoned storage devices, particularly when performing NOCOW writes in zoned emulation mode (Kernel Git).

The vulnerability has been fixed by modifying the BTRFS code to attach dummy checksums for NOCOW zoned data writes on conventional zones. The fix has been implemented in the Linux kernel through patches that modify the fs/btrfs/bio.c file. Users should update to patched kernel versions when available (Kernel Git).