CVE-2024-56759: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-56759 addresses a use-after-free vulnerability in the Linux kernel's BTRFS filesystem when Copy-On-Write (COW) operations are performed on tree blocks with tracing enabled. The vulnerability was discovered on January 6, 2025, affecting Linux kernel versions up to (excluding) 6.12.8 and various 6.13 release candidates (rc1-rc4) (NVD).

The vulnerability occurs in the BTRFS filesystem when COWing a tree block at btrfscowblock() with the tracepoint tracebtrfscowblock() and preemption enabled (CONFIGPREEMPT=y). The issue arises because some paths calling btrfscowblock(), such as btrfssearchslot(), hold the last reference on the extent buffer, and btrfsforcecowblock() drops this last reference when calling freeextentbufferstale(buf). This can lead to a use-after-free condition if the current task is preempted before calling tracebtrfscow_block(). The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability can result in a use-after-free condition in the COWed extent buffer while inside the tracepoint code, potentially leading to system crashes, privilege escalation, or information disclosure on affected Linux systems (Kernel Patch).

The vulnerability has been fixed by moving the tracebtrfscowblock() call from btrfscowblock() to btrfsforcecowblock() before the COWed extent buffer is freed. This fix has been implemented in various kernel versions through patches, including stable kernel branches (Kernel Patch).