CVE-2024-35956: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations

Create subvolume, create snapshot and delete subvolume all use btrfs_subvolume_reserve_metadata() to reserve metadata for the changes done to the parent subvolume's fs tree, which cannot be mediated in the normal way via start_transaction. When quota groups (squota or qgroups) are enabled, this reserves qgroup metadata of type PREALLOC. Once the operation is associated to a transaction, we convert PREALLOC to PERTRANS, which gets cleared in bulk at the end of the transaction.

However, the error paths of these three operations were not implementing this lifecycle correctly. They unconditionally converted the PREALLOC to PERTRANS in a generic cleanup step regardless of errors or whether the operation was fully associated to a transaction or not. This resulted in error paths occasionally converting this rsv to PERTRANS without calling record_root_in_trans successfully, which meant that unless that root got recorded in the transaction by some other thread, the end of the transaction would not free that root's PERTRANS, leaking it. Ultimately, this resulted in hitting a WARN in CONFIG_BTRFS_DEBUG builds at unmount for the leaked reservation.

The fix is to ensure that every qgroup PREALLOC reservation observes the following properties:

1. any failure before record_root_in_trans is called successfully results in freeing the PREALLOC reservation.
2. after record_root_in_trans, we convert to PERTRANS, and now the transaction owns freeing the reservation.

This patch enforces those properties on the three operations.

Without it, generic/269 with squotas enabled at mkfs time would fail in ~5-10 runs on my system. With this patch, it ran successfully 1000 times in a row.
AI Analysis
Technical Summary
CVE-2024-35956 is a vulnerability identified in the Linux kernel's Btrfs filesystem implementation, specifically related to quota groups (qgroups) metadata reservation during subvolume operations. Btrfs uses qgroups to track and enforce disk usage quotas on subvolumes. The vulnerability arises from improper handling of the lifecycle of qgroup preallocation (PREALLOC) reservations during three key operations: creating a subvolume, creating a snapshot, and deleting a subvolume. These operations reserve metadata space using btrfs_subvolume_reserve_metadata(), which initially reserves qgroup metadata of type PREALLOC. When the operation becomes associated with a transaction, the reservation is converted to PERTRANS, which is then cleared at the end of the transaction. However, error paths in these operations incorrectly convert PREALLOC to PERTRANS even if the operation was not fully associated with a transaction or if errors occurred before record_root_in_trans() was successfully called. This leads to a leak of PERTRANS reservations because the transaction does not own or free these leaked reservations unless another thread records the root in the transaction. The consequence is a resource leak that can trigger warnings in debug builds and potentially degrade filesystem stability or performance over time. The patch fixes this by ensuring that any failure before record_root_in_trans() results in freeing the PREALLOC reservation immediately, and only after successful recording is the reservation converted to PERTRANS and managed by the transaction. This correction prevents the leak and stabilizes quota metadata handling during subvolume operations. The vulnerability does not appear to have known exploits in the wild and primarily affects systems with Btrfs and quota groups enabled.
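The reservation lifecycle described above, reduced to a user-space C model as an added example (this is not the kernel's code or the upstream patch). `struct root`, `record_root()`, `end_transaction()`, `leaked_after()` and the two `subvol_op_*` functions are hypothetical stand-ins, and the model assumes no other thread records the root in the transaction.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model of the lifecycle; all names here are
 * hypothetical stand-ins, not kernel code. Amounts are in bytes. */
struct root { long prealloc, pertrans; bool in_trans; };

/* Stand-in for record_root_in_trans(): on success the transaction
 * owns freeing this root's PERTRANS; on failure nothing is recorded. */
static int record_root(struct root *r, bool fail) {
    if (!fail) r->in_trans = true;
    return fail ? -1 : 0;
}

/* End of transaction: PERTRANS is cleared only for recorded roots. */
static void end_transaction(struct root *r) {
    if (r->in_trans) r->pertrans = 0;
    r->in_trans = false;
}

/* Pre-fix shape: cleanup converts PREALLOC to PERTRANS regardless of errors. */
static int subvol_op_buggy(struct root *r, long n, bool fail) {
    r->prealloc += n;                         /* reserve PREALLOC */
    int ret = record_root(r, fail);
    r->prealloc -= n; r->pertrans += n;       /* unconditional convert */
    return ret;
}

/* Fixed shape: free on early failure, convert only once recorded. */
static int subvol_op_fixed(struct root *r, long n, bool fail) {
    r->prealloc += n;                         /* reserve PREALLOC */
    if (record_root(r, fail)) { r->prealloc -= n; return -1; } /* property 1 */
    r->prealloc -= n; r->pertrans += n;       /* property 2 */
    return 0;
}

/* Bytes still reserved after the transaction ends (the leak seen at unmount). */
static long leaked_after(int (*op)(struct root *, long, bool), bool fail) {
    struct root r = {0};
    op(&r, 4096, fail);
    end_transaction(&r);
    return r.prealloc + r.pertrans;
}

int main(void) {
    printf("error path, bytes leaked: buggy=%ld fixed=%ld\n",
           leaked_after(subvol_op_buggy, true), leaked_after(subvol_op_fixed, true));
    return 0;
}
```

On the success path both shapes end with nothing reserved; only the failure before recording separates them, which is why the leak showed up intermittently.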
Potential Impact
For European organizations, the impact of CVE-2024-35956 depends largely on their use of Linux systems with Btrfs filesystems configured with quota groups. Organizations running servers, storage appliances, or cloud infrastructure using Btrfs with quotas enabled may experience resource leaks leading to degraded filesystem performance, potential instability, or unexpected warnings during unmount operations. Over time, this could cause operational disruptions or increased maintenance overhead. While the vulnerability does not directly enable privilege escalation, remote code execution, or data corruption, the resource leak could indirectly affect system availability or reliability, especially in environments with heavy subvolume management. Enterprises relying on Linux-based storage solutions or container environments using Btrfs snapshots may be more exposed. Given the widespread use of Linux in European data centers, cloud providers, and enterprises, failure to patch could lead to subtle filesystem issues impacting service continuity. However, the absence of known exploits and the requirement for quota groups to be enabled limit the immediate risk to confidentiality or integrity.
Mitigation Recommendations
European organizations should take the following specific mitigation steps:
1) Identify Linux systems using Btrfs filesystems with quota groups enabled, focusing on servers and storage nodes managing subvolumes or snapshots.
2) Apply the official Linux kernel patch that corrects the qgroup reservation lifecycle as soon as it is available in their distribution's kernel updates.
3) For systems where immediate patching is not feasible, monitor system logs for Btrfs warnings related to qgroup reservations or unmount issues as early indicators of the problem.
4) Implement operational procedures to limit frequent creation/deletion of subvolumes or snapshots until patched, reducing exposure to the leak.
5) Test kernel updates in staging environments to ensure compatibility and stability before production deployment.
6) Engage with Linux distribution vendors to confirm inclusion of the fix in upcoming releases and backports for long-term support kernels.
7) Consider alternative filesystems or configurations if quota group functionality is not critical, as a temporary workaround.
These targeted actions go beyond generic advice by focusing on the specific Btrfs quota group context and operational practices around subvolume management.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Denmark, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-17T13:50:33.136Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9821c4522896dcbddcb8
Added to database: 5/21/2025, 9:08:49 AM
Last enriched: 6/28/2025, 3:26:51 AM
Last updated: 8/12/2025, 10:50:41 AM