CVE-2024-50225: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50225 affects the Linux kernel's BTRFS file system implementation. The vulnerability was discovered in the error propagation mechanism of split bios, specifically in the btrfsbbiopropagate_error() function. The issue affects Linux kernel versions from 6.3 up to (excluding) 6.11.7, and various release candidates of version 6.12 (NVD).

The vulnerability stems from improper error propagation in the BTRFS file system when handling split bios. When btrfs sends btrfsbio to mirrored devices and calls btrfsbioendio(), if the endio is called quickly enough, the origbbio's bio context may not be properly set, leading to a NULL pointer dereference. The issue has a CVSS v3.1 base score of 5.5 (MEDIUM) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD, Kernel Patch).

The vulnerability can result in a NULL pointer dereference, potentially causing a system crash (denial of service) when specific conditions are met in the BTRFS file system operations. This is particularly reproducible when running btrfs/146 on zoned devices with the raid-stripe-tree feature enabled (Kernel Patch).

The issue has been fixed in the Linux kernel through a patch that introduces a 'status' field to btrfsbbio and modifies the error propagation mechanism. The fix saves the first error of split bios to the original btrfsbio's status variable and ensures proper error propagation when all split bios are finished (Kernel Patch).