CVE-2024-35784: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock with fiemap and extent locking While working on the patchset to remove extent locking I got a lockdep splat with fiemap and pagefaulting with my new extent lock replacement lock. This deadlock exists with our normal code, we just don't have lockdep annotations with the extent locking so we've never noticed it. Since we're copying the fiemap extent to user space on every iteration we have the chance of pagefaulting. Because we hold the extent lock for the entire range we could mkwrite into a range in the file that we have mmap'ed. This would deadlock with the following stack trace [<0>] lock_extent+0x28d/0x2f0 [<0>] btrfs_page_mkwrite+0x273/0x8a0 [<0>] do_page_mkwrite+0x50/0xb0 [<0>] do_fault+0xc1/0x7b0 [<0>] __handle_mm_fault+0x2fa/0x460 [<0>] handle_mm_fault+0xa4/0x330 [<0>] do_user_addr_fault+0x1f4/0x800 [<0>] exc_page_fault+0x7c/0x1e0 [<0>] asm_exc_page_fault+0x26/0x30 [<0>] rep_movs_alternative+0x33/0x70 [<0>] _copy_to_user+0x49/0x70 [<0>] fiemap_fill_next_extent+0xc8/0x120 [<0>] emit_fiemap_extent+0x4d/0xa0 [<0>] extent_fiemap+0x7f8/0xad0 [<0>] btrfs_fiemap+0x49/0x80 [<0>] __x64_sys_ioctl+0x3e1/0xb50 [<0>] do_syscall_64+0x94/0x1a0 [<0>] entry_SYSCALL_64_after_hwframe+0x6e/0x76 I wrote an fstest to reproduce this deadlock without my replacement lock and verified that the deadlock exists with our existing locking. To fix this simply don't take the extent lock for the entire duration of the fiemap. This is safe in general because we keep track of where we are when we're searching the tree, so if an ordered extent updates in the middle of our fiemap call we'll still emit the correct extents because we know what offset we were on before. The only place we maintain the lock is searching delalloc. Since the delalloc stuff can change during writeback we want to lock the extent range so we have a consistent view of delalloc at the time we're checking to see if we need to set the delalloc flag. With this patch applied we no longer deadlock with my testcase.
AI Analysis
Technical Summary
CVE-2024-35784 is a vulnerability identified in the Linux kernel's Btrfs filesystem implementation, specifically related to the handling of extent locking during the fiemap ioctl operation. The issue arises because the extent lock is held for the entire duration of the fiemap call, which copies file extent information to user space. During this process, a page fault can occur when copying data to user space, and if the file range is memory-mapped and a write operation (mkwrite) is triggered, it can cause a deadlock due to recursive locking attempts. The deadlock is triggered because the extent lock is not released while waiting for the page fault to resolve, leading to a circular wait condition. The vulnerability was discovered through lockdep annotations and reproduced with a test case, confirming that the existing extent locking mechanism can cause deadlocks under normal code paths. The fix involves reducing the scope of the extent lock during the fiemap operation, holding it only when searching for delayed allocation (delalloc) extents to maintain consistency, but otherwise releasing it to avoid deadlocks. This change ensures that if ordered extents update during the fiemap call, the kernel can still emit correct extent information without risking deadlocks. The vulnerability does not appear to have been exploited in the wild and affects specific Linux kernel versions identified by commit hashes. It is a concurrency and locking issue within the kernel's filesystem code rather than a memory corruption or privilege escalation flaw.
Potential Impact
For European organizations, the impact of CVE-2024-35784 primarily concerns system stability and availability rather than direct confidentiality or integrity breaches. Systems running vulnerable Linux kernel versions with Btrfs filesystems could experience deadlocks leading to kernel hangs or unresponsive behavior when applications perform fiemap ioctl calls on memory-mapped files. This can disrupt services relying on Btrfs, including file servers, database systems, and container environments that use this filesystem. Organizations using Btrfs for critical storage or in environments with high concurrency file operations may face increased risk of system downtime or degraded performance. Although no direct data leakage or privilege escalation is indicated, the deadlock could be leveraged by an attacker with local access to cause denial of service (DoS) conditions. This is particularly relevant for multi-tenant environments, cloud providers, and enterprises with Linux-based infrastructure. The lack of known exploits reduces immediate risk, but the potential for DoS and operational disruption necessitates timely patching. European organizations with compliance requirements for system availability and reliability should prioritize mitigation to avoid service interruptions.
Mitigation Recommendations
To mitigate CVE-2024-35784, European organizations should: 1) Apply the official Linux kernel patches that address the extent locking deadlock in Btrfs as soon as they become available from trusted sources or Linux distributions. 2) If patching immediately is not feasible, consider temporarily avoiding or limiting the use of fiemap ioctl calls on memory-mapped files within Btrfs filesystems, especially in high-concurrency scenarios. 3) Monitor system logs and kernel messages for signs of deadlocks or hangs related to Btrfs operations and implement alerting to detect potential triggering of this vulnerability. 4) For environments using containers or virtual machines, ensure that host kernels are updated to prevent propagation of deadlocks affecting containerized workloads. 5) Conduct thorough testing of kernel updates in staging environments to confirm stability and compatibility with existing workloads. 6) Maintain robust backup and recovery procedures to minimize impact in case of system hangs or crashes. 7) Engage with Linux distribution vendors and security advisories to track patch releases and deployment recommendations specific to Btrfs and kernel versions in use.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
CVE-2024-35784: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock with fiemap and extent locking While working on the patchset to remove extent locking I got a lockdep splat with fiemap and pagefaulting with my new extent lock replacement lock. This deadlock exists with our normal code, we just don't have lockdep annotations with the extent locking so we've never noticed it. Since we're copying the fiemap extent to user space on every iteration we have the chance of pagefaulting. Because we hold the extent lock for the entire range we could mkwrite into a range in the file that we have mmap'ed. This would deadlock with the following stack trace [<0>] lock_extent+0x28d/0x2f0 [<0>] btrfs_page_mkwrite+0x273/0x8a0 [<0>] do_page_mkwrite+0x50/0xb0 [<0>] do_fault+0xc1/0x7b0 [<0>] __handle_mm_fault+0x2fa/0x460 [<0>] handle_mm_fault+0xa4/0x330 [<0>] do_user_addr_fault+0x1f4/0x800 [<0>] exc_page_fault+0x7c/0x1e0 [<0>] asm_exc_page_fault+0x26/0x30 [<0>] rep_movs_alternative+0x33/0x70 [<0>] _copy_to_user+0x49/0x70 [<0>] fiemap_fill_next_extent+0xc8/0x120 [<0>] emit_fiemap_extent+0x4d/0xa0 [<0>] extent_fiemap+0x7f8/0xad0 [<0>] btrfs_fiemap+0x49/0x80 [<0>] __x64_sys_ioctl+0x3e1/0xb50 [<0>] do_syscall_64+0x94/0x1a0 [<0>] entry_SYSCALL_64_after_hwframe+0x6e/0x76 I wrote an fstest to reproduce this deadlock without my replacement lock and verified that the deadlock exists with our existing locking. To fix this simply don't take the extent lock for the entire duration of the fiemap. This is safe in general because we keep track of where we are when we're searching the tree, so if an ordered extent updates in the middle of our fiemap call we'll still emit the correct extents because we know what offset we were on before. The only place we maintain the lock is searching delalloc. Since the delalloc stuff can change during writeback we want to lock the extent range so we have a consistent view of delalloc at the time we're checking to see if we need to set the delalloc flag. With this patch applied we no longer deadlock with my testcase.
AI-Powered Analysis
Technical Analysis
CVE-2024-35784 is a vulnerability identified in the Linux kernel's Btrfs filesystem implementation, specifically related to the handling of extent locking during the fiemap ioctl operation. The issue arises because the extent lock is held for the entire duration of the fiemap call, which copies file extent information to user space. During this process, a page fault can occur when copying data to user space, and if the file range is memory-mapped and a write operation (mkwrite) is triggered, it can cause a deadlock due to recursive locking attempts. The deadlock is triggered because the extent lock is not released while waiting for the page fault to resolve, leading to a circular wait condition. The vulnerability was discovered through lockdep annotations and reproduced with a test case, confirming that the existing extent locking mechanism can cause deadlocks under normal code paths. The fix involves reducing the scope of the extent lock during the fiemap operation, holding it only when searching for delayed allocation (delalloc) extents to maintain consistency, but otherwise releasing it to avoid deadlocks. This change ensures that if ordered extents update during the fiemap call, the kernel can still emit correct extent information without risking deadlocks. The vulnerability does not appear to have been exploited in the wild and affects specific Linux kernel versions identified by commit hashes. It is a concurrency and locking issue within the kernel's filesystem code rather than a memory corruption or privilege escalation flaw.
Potential Impact
For European organizations, the impact of CVE-2024-35784 primarily concerns system stability and availability rather than direct confidentiality or integrity breaches. Systems running vulnerable Linux kernel versions with Btrfs filesystems could experience deadlocks leading to kernel hangs or unresponsive behavior when applications perform fiemap ioctl calls on memory-mapped files. This can disrupt services relying on Btrfs, including file servers, database systems, and container environments that use this filesystem. Organizations using Btrfs for critical storage or in environments with high concurrency file operations may face increased risk of system downtime or degraded performance. Although no direct data leakage or privilege escalation is indicated, the deadlock could be leveraged by an attacker with local access to cause denial of service (DoS) conditions. This is particularly relevant for multi-tenant environments, cloud providers, and enterprises with Linux-based infrastructure. The lack of known exploits reduces immediate risk, but the potential for DoS and operational disruption necessitates timely patching. European organizations with compliance requirements for system availability and reliability should prioritize mitigation to avoid service interruptions.
Mitigation Recommendations
To mitigate CVE-2024-35784, European organizations should: 1) Apply the official Linux kernel patches that address the extent locking deadlock in Btrfs as soon as they become available from trusted sources or Linux distributions. 2) If patching immediately is not feasible, consider temporarily avoiding or limiting the use of fiemap ioctl calls on memory-mapped files within Btrfs filesystems, especially in high-concurrency scenarios. 3) Monitor system logs and kernel messages for signs of deadlocks or hangs related to Btrfs operations and implement alerting to detect potential triggering of this vulnerability. 4) For environments using containers or virtual machines, ensure that host kernels are updated to prevent propagation of deadlocks affecting containerized workloads. 5) Conduct thorough testing of kernel updates in staging environments to confirm stability and compatibility with existing workloads. 6) Maintain robust backup and recovery procedures to minimize impact in case of system hangs or crashes. 7) Engage with Linux distribution vendors and security advisories to track patch releases and deployment recommendations specific to Btrfs and kernel versions in use.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-05-17T12:19:12.337Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982ac4522896dcbe3481
Added to database: 5/21/2025, 9:08:58 AM
Last enriched: 6/29/2025, 3:55:06 PM
Last updated: 7/31/2025, 10:23:26 AM
Views: 13
Related Threats
CVE-2025-8878: CWE-94 Improper Control of Generation of Code ('Code Injection') in properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
MediumCVE-2025-8143: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pencidesign Soledad
MediumCVE-2025-8142: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in pencidesign Soledad
HighCVE-2025-8105: CWE-94 Improper Control of Generation of Code ('Code Injection') in pencidesign Soledad
HighCVE-2025-8719: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in reubenthiessen Translate This gTranslate Shortcode
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.