Upstream information
Description
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT() if the newly created subvolume already got read [BUG] There is a syzbot crash, triggered by the ASSERT() during subvolume creation: assertion failed: !anon_dev, in fs/btrfs/disk-io.c:1319 ------------[ cut here ]------------ kernel BUG at fs/btrfs/disk-io.c:1319! invalid opcode: 0000 [#1] PREEMPT SMP KASAN RIP: 0010:btrfs_get_root_ref.part.0+0x9aa/0xa60 <TASK> btrfs_get_new_fs_root+0xd3/0xf0 create_subvol+0xd02/0x1650 btrfs_mksubvol+0xe95/0x12b0 __btrfs_ioctl_snap_create+0x2f9/0x4f0 btrfs_ioctl_snap_create+0x16b/0x200 btrfs_ioctl+0x35f0/0x5cf0 __x64_sys_ioctl+0x19d/0x210 do_syscall_64+0x3f/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b ---[ end trace 0000000000000000 ]--- [CAUSE] During create_subvol(), after inserting root item for the newly created subvolume, we would trigger btrfs_get_new_fs_root() to get the btrfs_root of that subvolume. The idea here is, we have preallocated an anonymous device number for the subvolume, thus we can assign it to the new subvolume. But there is really nothing preventing things like backref walk to read the new subvolume. If that happens before we call btrfs_get_new_fs_root(), the subvolume would be read out, with a new anonymous device number assigned already. In that case, we would trigger ASSERT(), as we really expect no one to read out that subvolume (which is not yet accessible from the fs). But things like backref walk is still possible to trigger the read on the subvolume. Thus our assumption on the ASSERT() is not correct in the first place. [FIX] Fix it by removing the ASSERT(), and just free the @anon_dev, reset it to 0, and continue. If the subvolume tree is read out by something else, it should have already get a new anon_dev assigned thus we only need to free the preallocated one.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| SUSE | |
|---|---|
| Base Score | 5.5 |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | High |
| CVSSv3 Version | 3.1 |
Status of this issue by product and package
Please note that this evaluation state might be work in progress, incomplete or outdated. Also information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification. The updates are grouped by state of their lifecycle. SUSE product lifecycles are documented on the lifecycle page.
| Product(s) | Source package | State |
|---|---|---|
| Products under general support and receiving all security fixes. | ||
| SUSE Enterprise Storage 7.1 | kernel-default | Not affected |
| SUSE Enterprise Storage 7.1 | kernel-source | Not affected |
| SUSE Enterprise Storage 7.1 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Desktop 15 SP5 | kernel-default | Already fixed |
| SUSE Linux Enterprise Desktop 15 SP5 | kernel-source | Already fixed |
| SUSE Linux Enterprise Desktop 15 SP6 | kernel-default | Already fixed |
| SUSE Linux Enterprise Desktop 15 SP6 | kernel-source | Already fixed |
| SUSE Linux Enterprise High Performance Computing 12 SP5 | kernel-default | Not affected |
| SUSE Linux Enterprise High Performance Computing 12 SP5 | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 12 SP5 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | kernel-default | Already fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | kernel-source | Already fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | kernel-source-azure | Already fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | kernel-default | Already fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | kernel-source | Already fixed |
| SUSE Linux Enterprise Micro 5.1 | kernel-default | Not affected |
| SUSE Linux Enterprise Micro 5.1 | kernel-rt | Not affected |
| SUSE Linux Enterprise Micro 5.1 | kernel-source-rt | Not affected |
| SUSE Linux Enterprise Micro 5.2 | kernel-default | Not affected |
| SUSE Linux Enterprise Micro 5.2 | kernel-rt | Not affected |
| SUSE Linux Enterprise Micro 5.2 | kernel-source-rt | Not affected |
| SUSE Linux Enterprise Micro 5.3 | kernel-default | Already fixed |
| SUSE Linux Enterprise Micro 5.3 | kernel-rt | Already fixed |
| SUSE Linux Enterprise Micro 5.3 | kernel-source-rt | Already fixed |
| SUSE Linux Enterprise Micro 5.4 | kernel-default | Already fixed |
| SUSE Linux Enterprise Micro 5.4 | kernel-rt | Already fixed |
| SUSE Linux Enterprise Micro 5.4 | kernel-source-rt | Already fixed |
| SUSE Linux Enterprise Micro 5.5 | kernel-source-rt | Already fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP5 | kernel-default | Already fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP5 | kernel-source | Already fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP6 | kernel-default | Already fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP6 | kernel-source | Already fixed |
| SUSE Linux Enterprise Module for Development Tools 15 SP5 | kernel-default | Already fixed |
| SUSE Linux Enterprise Module for Development Tools 15 SP5 | kernel-source | Already fixed |
| SUSE Linux Enterprise Module for Development Tools 15 SP6 | kernel-default | Already fixed |
| SUSE Linux Enterprise Module for Development Tools 15 SP6 | kernel-source | Already fixed |
| SUSE Linux Enterprise Module for Public Cloud 15 SP5 | kernel-source-azure | Already fixed |
| SUSE Linux Enterprise Real Time 12 SP5 | kernel-source-rt | Not affected |
| SUSE Linux Enterprise Real Time 15 SP5 | kernel-source-rt | Already fixed |
| SUSE Linux Enterprise Server 12 SP5 | kernel-default | Not affected |
| SUSE Linux Enterprise Server 12 SP5 | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP5 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Server 15 SP5 | kernel-default | Already fixed |
| SUSE Linux Enterprise Server 15 SP5 | kernel-source | Already fixed |
| SUSE Linux Enterprise Server 15 SP5 | kernel-source-azure | Already fixed |
| SUSE Linux Enterprise Server 15 SP6 | kernel-default | Already fixed |
| SUSE Linux Enterprise Server 15 SP6 | kernel-source | Already fixed |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | kernel-default | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | kernel-source | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP5 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | kernel-default | Already fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | kernel-source | Already fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | kernel-source-azure | Already fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | kernel-default | Already fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | kernel-source | Already fixed |
| SUSE Manager Proxy 4.3 | kernel-default | Already fixed |
| SUSE Manager Proxy 4.3 | kernel-source | Already fixed |
| SUSE Manager Proxy 4.3 | kernel-source-azure | Already fixed |
| SUSE Manager Retail Branch Server 4.3 | kernel-default | Already fixed |
| SUSE Manager Retail Branch Server 4.3 | kernel-source | Already fixed |
| SUSE Manager Retail Branch Server 4.3 | kernel-source-azure | Already fixed |
| SUSE Manager Server 4.3 | kernel-default | Already fixed |
| SUSE Manager Server 4.3 | kernel-source | Already fixed |
| SUSE Manager Server 4.3 | kernel-source-azure | Already fixed |
| SUSE Real Time Module 15 SP5 | kernel-source-rt | Already fixed |
| Products under Long Term Service Pack support and receiving important and critical security fixes. | ||
| SUSE Linux Enterprise Desktop 15 SP4 | kernel-source | Already fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP2 | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | kernel-default | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | kernel-default | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | kernel-source | Already fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | kernel-source-azure | Already fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | kernel-default | Already fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | kernel-source | Already fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | kernel-default | Already fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | kernel-source | Already fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP2 | kernel-source | Not affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP3 | kernel-source | Not affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP4 | kernel-source | Already fixed |
| SUSE Linux Enterprise Module for Development Tools 15 SP2 | kernel-source | Not affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP3 | kernel-source | Not affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP4 | kernel-source | Already fixed |
| SUSE Linux Enterprise Module for Public Cloud 15 SP4 | kernel-source-azure | Already fixed |
| SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE | kernel-default | Not affected |
| SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 SP2 | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 SP2 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Server 15 SP2-LTSS | kernel-default | Not affected |
| SUSE Linux Enterprise Server 15 SP2-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 SP3 | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 SP3 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Server 15 SP3-LTSS | kernel-default | Not affected |
| SUSE Linux Enterprise Server 15 SP3-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 SP4 | kernel-source | Already fixed |
| SUSE Linux Enterprise Server 15 SP4 | kernel-source-azure | Already fixed |
| SUSE Linux Enterprise Server 15 SP4-LTSS | kernel-default | Already fixed |
| SUSE Linux Enterprise Server 15 SP4-LTSS | kernel-source | Already fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | kernel-default | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | kernel-source | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | kernel-default | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | kernel-source | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | kernel-default | Already fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | kernel-source | Already fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | kernel-source-azure | Already fixed |
| SUSE OpenStack Cloud 8 | kernel-source | Not affected |
| SUSE OpenStack Cloud 9 | kernel-default | Not affected |
| SUSE OpenStack Cloud 9 | kernel-source | Not affected |
| Products past their end of life and not receiving proactive updates anymore. | ||
| HPE Helion OpenStack 8 | kernel-source | Not affected |
| SUSE CaaS Platform 4.0 | kernel-source | Not affected |
| SUSE Enterprise Storage 6 | kernel-source | Not affected |
| SUSE Enterprise Storage 7 | kernel-source | Not affected |
| SUSE Enterprise Storage 7 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Desktop 12 SP2 | kernel-source | Not affected |
| SUSE Linux Enterprise Desktop 12 SP3 | kernel-source | Not affected |
| SUSE Linux Enterprise Desktop 12 SP4 | kernel-source | Not affected |
| SUSE Linux Enterprise Desktop 15 | kernel-source | Not affected |
| SUSE Linux Enterprise Desktop 15 SP1 | kernel-source | Not affected |
| SUSE Linux Enterprise Desktop 15 SP2 | kernel-source | Not affected |
| SUSE Linux Enterprise Desktop 15 SP3 | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1 | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15-ESPOS | kernel-source | Not affected |
| SUSE Linux Enterprise High Performance Computing 15-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise Micro 5.0 | kernel-default | Not affected |
| SUSE Linux Enterprise Module for Basesystem 15 | kernel-source | Not affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP1 | kernel-source | Not affected |
| SUSE Linux Enterprise Module for Development Tools 15 | kernel-source | Not affected |
| SUSE Linux Enterprise Module for Development Tools 15 SP1 | kernel-source | Not affected |
| SUSE Linux Enterprise Module for Public Cloud 15 SP2 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Module for Public Cloud 15 SP3 | kernel-source-azure | Not affected |
| SUSE Linux Enterprise Real Time 15 SP2 | kernel-source | Not affected |
| SUSE Linux Enterprise Real Time 15 SP3 | kernel-source | Not affected |
| SUSE Linux Enterprise Real Time 15 SP3 | kernel-source-rt | Not affected |
| SUSE Linux Enterprise Real Time 15 SP4 | kernel-source | Already fixed |
| SUSE Linux Enterprise Real Time 15 SP4 | kernel-source-rt | Already fixed |
| SUSE Linux Enterprise Server 11 SP4 | kernel-source | Not affected |
| SUSE Linux Enterprise Server 11 SP4 LTSS | kernel-default | Not affected |
| SUSE Linux Enterprise Server 11 SP4 LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise Server 11 SP4-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP2 | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP2-BCL | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP2-ESPOS | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP2-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP3 | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP3-BCL | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP3-ESPOS | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP3-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP4 | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP4-ESPOS | kernel-source | Not affected |
| SUSE Linux Enterprise Server 12 SP4-LTSS | kernel-default | Not affected |
| SUSE Linux Enterprise Server 12 SP4-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 SP1 | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 SP1-BCL | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 SP1-LTSS | kernel-default | Not affected |
| SUSE Linux Enterprise Server 15 SP1-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 SP2-BCL | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15 SP3-BCL | kernel-source | Not affected |
| SUSE Linux Enterprise Server 15-LTSS | kernel-default | Not affected |
| SUSE Linux Enterprise Server 15-LTSS | kernel-source | Not affected |
| SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 | kernel-source | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP2 | kernel-source | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP3 | kernel-source | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | kernel-default | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 | kernel-source | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 | kernel-source | Not affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP1 | kernel-source | Not affected |
| SUSE Manager Proxy 4.0 | kernel-source | Not affected |
| SUSE Manager Proxy 4.1 | kernel-source | Not affected |
| SUSE Manager Proxy 4.1 | kernel-source-azure | Not affected |
| SUSE Manager Proxy 4.2 | kernel-source | Not affected |
| SUSE Manager Proxy 4.2 | kernel-source-azure | Not affected |
| SUSE Manager Retail Branch Server 4.0 | kernel-source | Not affected |
| SUSE Manager Retail Branch Server 4.1 | kernel-source | Not affected |
| SUSE Manager Retail Branch Server 4.1 | kernel-source-azure | Not affected |
| SUSE Manager Retail Branch Server 4.2 | kernel-source | Not affected |
| SUSE Manager Retail Branch Server 4.2 | kernel-source-azure | Not affected |
| SUSE Manager Server 4.0 | kernel-source | Not affected |
| SUSE Manager Server 4.1 | kernel-source | Not affected |
| SUSE Manager Server 4.1 | kernel-source-azure | Not affected |
| SUSE Manager Server 4.2 | kernel-source | Not affected |
| SUSE Manager Server 4.2 | kernel-source-azure | Not affected |
| SUSE OpenStack Cloud 7 | kernel-source | Not affected |
| SUSE OpenStack Cloud Crowbar 8 | kernel-source | Not affected |
| SUSE OpenStack Cloud Crowbar 9 | kernel-default | Not affected |
| SUSE OpenStack Cloud Crowbar 9 | kernel-source | Not affected |
| SUSE Real Time Module 15 SP3 | kernel-source-rt | Not affected |
| SUSE Real Time Module 15 SP4 | kernel-source-rt | Already fixed |
SUSE Timeline for this CVE
CVE page created: Wed Apr 3 18:00:14 2024CVE page last modified: Tue Apr 30 16:40:09 2024