CVE-2024-46840: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46840 is a vulnerability in the Linux kernel's BTRFS filesystem that affects the handling of references during snapshot deletion. The vulnerability was discovered and disclosed on September 27, 2024, affecting multiple versions of the Linux kernel from 4.19.x through 6.10.x (NVD).

The vulnerability exists in the BTRFS filesystem's extent-tree.c file where multiple functions incorrectly handle cases where reference counts equal zero. The issue affects several functions including reada, walk_down_proc, do_walk_down, and walk_up_proc, which previously used BUG_ON(refs == 0) checks that could trigger kernel panics in cases of transient race conditions or filesystem corruption. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could lead to a denial of service condition through system crashes when attempting to delete BTRFS snapshots. This occurs particularly in situations where there are race conditions in reference counting or when dealing with extent tree corruption (Kernel Patch).

The vulnerability has been patched by replacing BUG_ON assertions with proper error handling, returning -EUCLEAN instead of triggering kernel panics. The fix has been implemented across multiple kernel versions. System administrators should update to patched kernel versions: Linux kernel versions 4.19.322, 5.4.284, 5.10.226, 5.15.167, 6.1.110, 6.6.51, and 6.10.10 or later (NVD).