CVE-2024-56774: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-56774 is a vulnerability in the Linux kernel's btrfs filesystem component, discovered and reported by Syzbot in January 2025. The vulnerability affects Linux kernel versions from 5.11 up to versions before 5.15.174, 6.1.120, 6.6.64, and 6.12.4. The issue stems from a missing sanity check for btrfs root in the btrfssearchslot() function (NVD).

The vulnerability is a NULL pointer dereference in the btrfssearchslot() function. When using the rescue=ibadroots mount option, if the extent tree root becomes corrupted and NULL, the btrfssearchslot() function fails to verify if the target root is NULL before attempting to use it. This occurs specifically when the scrub operation tries to search the extent tree to gather needed extent information (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a system crash through a NULL pointer dereference when specific conditions are met, particularly during filesystem operations on corrupted btrfs volumes using the rescue=ibadroots mount option. This primarily affects system availability and can potentially be exploited to cause a denial of service (NVD).

A fix has been implemented by adding a sanity check for the btrfs root before using it in btrfssearchslot(). The patch has been merged into multiple kernel versions and is available in the stable kernel tree. The fix involves a simple validation check to return -EINVAL if the root pointer is NULL (Kernel Patch).