CVE-2024-47741: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-47741 is a race condition vulnerability in the Linux kernel's BTRFS file system implementation. The vulnerability was discovered in the handling of concurrent lseek system calls against the same file descriptor using multiple threads belonging to the same process. The issue affects Linux kernel versions from 6.2 up to (excluding) 6.6.54, versions from 6.7 up to (excluding) 6.10.13, and versions from 6.11 up to (excluding) 6.11.2 (NVD).

The vulnerability occurs during concurrent lseek(2) system calls with SEEKDATA or SEEKHOLE operations. When multiple threads use the same file descriptor, a race condition exists in the file.c:finddesiredextent() function. The race happens when extracting and setting the file's private_data pointer, leading to potential memory leaks and use-after-free issues with the cached state record. The vulnerability has been assigned a CVSS v3.1 base score of 7.0 (HIGH) with vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability can result in two primary issues: 1) A memory leak when multiple threads allocate private structures but only one gets assigned to the file descriptor, and 2) A potential use-after-free vulnerability in the cached state record (struct btrfsfileprivate::llseekcachedstate) since multiple threads may access it while only one holds the reference count. This could lead to system instability or potential security implications (Kernel Patch).

The vulnerability has been fixed in the Linux kernel through a patch that protects the private assignment and check of a file while holding the inode's spinlock. The fix also includes tracking the task that allocated the private structure to ensure it's used only by that task. Users should upgrade to Linux kernel versions 6.6.54, 6.10.13, or 6.11.2 or later to receive the fix (Kernel Patch).