CVE-2024-50273: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50273 is a vulnerability in the Linux kernel's BTRFS file system implementation, discovered in November 2024. The issue affects the delayed reference handling mechanism in the BTRFS subsystem, specifically in the insertdelayedref() function. The vulnerability impacts Linux kernel versions from 4.10 up to (excluding) 6.11.8, including various stable releases in between (NVD).

The vulnerability occurs when updating the action of an existing reference to BTRFSDROPDELAYEDREF. The code uses listdel() to remove the reference from its ref head's refaddlist, but this leaves the ref's addlist member uninitialized. The listdel() function sets the next and prev members of the list to LISTPOISON1 and LISTPOISON2 respectively, without proper reinitialization. When dropdelayedref() is later called, it checks listempty() against the ref's addlist, which returns false due to the uninitialized state, leading to another list_del() call that results in invalid list access (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability can cause a system crash (denial of service) through invalid pointer dereferences. The impact is particularly severe when CONFIGLISTHARDENED and CONFIGDEBUGLIST are enabled, resulting in a kernel panic. The vulnerability affects systems using the BTRFS file system and can be triggered during merging operations or when destroying delayed refs due to a transaction abort (NVD).

The vulnerability has been fixed by replacing listdel() with listdel_init() in the affected code, ensuring proper reinitialization of the list after deletion. The fix has been backported to various stable kernel versions. Users should update their Linux kernel to the latest patched version available for their distribution (Kernel Patch).