
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2024-49869 affects the Linux kernel's btrfs send functionality. The vulnerability was discovered in the buffer overflow detection mechanism when copying paths to cache entries. The issue stems from a mismatch between the array length and the name_len field in the name_cache_entry structure, where the array length includes a NUL terminator while name_len does not, causing false positive buffer overflow detections in fortified kernels (NVD).
The vulnerability was introduced by commit c0247d289e73, which annotated the variable length array 'name' with __counted_by() to improve overflow detection. However, the implementation was incorrect, as the length of the array includes the NUL string terminator while the name_len field does not account for it. This mismatch causes the fortified kernel to incorrectly detect and report buffer overflows. The issue affects Linux kernel versions from 6.11 up to (excluding) 6.11.3. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).
When triggered, the vulnerability causes the kernel to incorrectly detect buffer overflows and generate warning messages, potentially leading to system instability. The issue manifests as false positive detections that report buffer overflow conditions when copying path strings to cache entries in the btrfs send operation (Kernel Patch).
The vulnerability has been fixed by removing the NUL string terminator storage since it's not required for name cache entries. The fix involves marking the 'name' array field with __nonstring and using memcpy() instead of strcpy(). Users should upgrade to Linux kernel version 6.11.3 or later which contains the fix (Kernel Patch).
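The length mismatch and the fix described above, as an added userspace model (not the kernel's code): struct entry_model, fortify_would_trip() and the two store functions are hypothetical names, and the bound check is a stand-in for what a fortified copy does against a __counted_by(name_len) array.

```c
#include <stdlib.h>
#include <string.h>

/* Userspace model of a name cache entry: name[] is declared as holding
 * exactly name_len bytes, which is what __counted_by(name_len) asserts. */
struct entry_model {
    int name_len;
    char name[];
};

/* Stand-in for the fortified-copy check: 1 if a write of `bytes` bytes
 * exceeds the element count declared for name[]. */
static int fortify_would_trip(const struct entry_model *e, size_t bytes)
{
    return bytes > (size_t)e->name_len;
}

/* Pre-fix pattern: room for the NUL is allocated and strcpy() writes it. */
static int store_with_nul(const char *path)
{
    size_t len = strlen(path);
    struct entry_model *e = malloc(sizeof(*e) + len + 1);
    int tripped;
    if (!e) return -1;
    e->name_len = (int)len;
    tripped = fortify_would_trip(e, len + 1); /* strcpy writes len + 1 bytes */
    strcpy(e->name, path); /* inside the allocation: no real overflow */
    free(e);
    return tripped;
}

/* Post-fix pattern: no terminator stored, memcpy() of exactly name_len bytes. */
static int store_without_nul(const char *path)
{
    size_t len = strlen(path);
    struct entry_model *e = malloc(sizeof(*e) + len);
    int tripped;
    if (!e) return -1;
    e->name_len = (int)len;
    tripped = fortify_would_trip(e, len);
    memcpy(e->name, path, len); /* name[] is not a C string after the fix */
    free(e);
    return tripped;
}

int main(void)
{
    return (store_with_nul("a/b") == 1 && store_without_nul("a/b") == 0) ? 0 : 1;
}
```

Because the stored name no longer carries a terminator, any reader of name[] has to bound its access by name_len rather than use string functions.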
Source: This report was generated using AI