
CVE-2024-49868 is a NULL pointer dereference vulnerability discovered in the Linux kernel's BTRFS filesystem. The issue occurs when a transaction fails to start during block group relocation, specifically in the btrfs_update_reloc_root() function. The vulnerability was discovered by Syzbot and reported on October 21, 2024 (NVD).
The vulnerability is triggered during a race condition between transaction handling and relocation control in BTRFS. When an allocation failure occurs at start_transaction() inside prepare_to_relocate(), the error handling calls unset_reloc_control(), which sets fs_info->balance_ctl to NULL. During the small window between set_reloc_control() and unset_reloc_control(), a subvolume tree update can create a reloc_root, leading to a NULL pointer dereference in btrfs_update_reloc_root() when checking fs_info->reloc_ctl->merge_reloc_tree. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).
When exploited, this vulnerability can cause a denial of service through a system crash due to the NULL pointer dereference. The impact is limited to local attacks and affects system availability without compromising confidentiality or integrity (NVD).
The issue has been fixed by adding an extra check on fs_info->reloc_ctl before accessing fs_info->reloc_ctl->merge_reloc_tree in the btrfs_update_reloc_root() function. The fix has been implemented in various kernel versions, and users should update to the patched versions: Linux kernel versions up to 5.10.227, 5.15.168, 6.1.113, 6.6.55, 6.10.14, and 6.11.3 (NVD).
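The sequence and the added check described above, replayed as a simplified userspace model. This is an added example, not kernel source: the struct layouts, the `verdict` enum and the `replay()` helper are hypothetical, and the unpatched path reports the NULL case instead of dereferencing it.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical, reduced stand-ins for the kernel structures. */
struct reloc_control { bool merge_reloc_tree; };
struct fs_info       { struct reloc_control *reloc_ctl; };
struct root          { bool has_reloc_root; };

enum verdict { SKIPPED, UPDATED, MERGE_STAGE, WOULD_OOPS };

/* Pre-fix logic: reads reloc_ctl->merge_reloc_tree unconditionally.
 * The model returns WOULD_OOPS where the kernel would fault. */
static enum verdict update_reloc_root_unpatched(const struct fs_info *fs,
                                                const struct root *r)
{
    if (!r->has_reloc_root)
        return SKIPPED;
    if (fs->reloc_ctl == NULL)
        return WOULD_OOPS;
    return fs->reloc_ctl->merge_reloc_tree ? MERGE_STAGE : UPDATED;
}

/* Post-fix logic: reloc_ctl is tested before merge_reloc_tree is read. */
static enum verdict update_reloc_root_patched(const struct fs_info *fs,
                                              const struct root *r)
{
    if (!r->has_reloc_root)
        return SKIPPED;
    if (fs->reloc_ctl && fs->reloc_ctl->merge_reloc_tree)
        return MERGE_STAGE;
    return UPDATED;
}

/* Replays the ordering from the description for one subvolume root. */
static enum verdict replay(bool patched, bool start_transaction_fails)
{
    struct reloc_control rc = { .merge_reloc_tree = false };
    struct fs_info fs = { .reloc_ctl = &rc };      /* set_reloc_control()    */
    struct root subvol = { .has_reloc_root = true }; /* reloc_root created
                                                        inside the window    */
    if (start_transaction_fails)
        fs.reloc_ctl = NULL;                       /* unset_reloc_control()  */

    /* Later transaction commit reaches the reloc root update. */
    return patched ? update_reloc_root_patched(&fs, &subvol)
                   : update_reloc_root_unpatched(&fs, &subvol);
}
```

With the check in place, a root that still carries a reloc_root after the failed start is updated normally rather than crashing the commit path.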
Source: This report was generated using AI