CVE-2024-46687: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability was discovered in the Linux kernel's BTRFS filesystem implementation, specifically in the btrfssubmitchunk() function. The vulnerability (CVE-2024-46687) affects Linux kernel versions from 6.3 up to (excluding) 6.6.49 and from 6.7 up to (excluding) 6.10.8, as well as release candidates 6.11-rc1 through 6.11-rc5. The issue was discovered through KASAN (Kernel Address Sanitizer) reporting a use-after-free condition when handling errors during bio submission (NVD).

The vulnerability occurs during the handling of split bio operations in BTRFS. When a read bio crosses stripe boundaries (e.g., a 128K read crossing two 64K stripes), the bio is split into two parts. If an error occurs during the processing of the second part in btrfssubmitchunk(), the code incorrectly calls btrfsbioendio() instead of btrfsorigbbioend_io(), leading to premature freeing of the original bio. This results in a use-after-free condition when the first submitted bio completes and attempts to access the freed memory. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (Kernel Git).

The vulnerability can lead to use-after-free and double-free conditions in the kernel's BTRFS filesystem code. This could potentially result in memory corruption, system crashes, or privilege escalation. The issue affects systems using the BTRFS filesystem and requires local access to exploit (NVD).

The vulnerability has been fixed in the Linux kernel through a patch that modifies the error handling in btrfssubmitchunk(). The fix involves calling btrfsorigbbioendio() instead of btrfsbioend_io() when handling errors, ensuring proper reference counting for cloned bios. Users should update their Linux kernel to versions that include the fix (Kernel Git).