CVE-2024-57806 is a vulnerability in the Linux kernel's Btrfs filesystem implementation related to the handling of simple quota feature activation. Btrfs (B-tree filesystem) supports quota groups (qgroups) to limit disk usage per subvolume or directory. The vulnerability arises from a transaction atomicity bug when enabling simple quotas. Specifically, the filesystem sets the BTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE flag in the quota root item before committing the transaction but delays setting the corresponding incompatibility feature bit BTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA in the superblock until after the transaction commits. This ordering flaw means that if the system unmounts the filesystem or experiences a power failure immediately after the transaction commit but before the incompat bit is set, the filesystem will be left in an inconsistent state. Upon the next mount, the kernel encounters the simple mode flag without the expected incompatibility bit, triggering an assertion failure and a kernel BUG at fs/btrfs/qgroup.c:365. This causes the system to crash or kernel panic during mount operations. The issue can be reproduced by formatting a device with Btrfs, enabling quotas, unmounting, and remounting without further transactions. The fix involves setting the incompatibility bit immediately after setting the simple mode flag, ensuring both flags are flushed atomically within the same transaction to maintain filesystem consistency and prevent assertion failures. This vulnerability affects Linux kernel versions including the 6.13.0-rc2 release candidate and potentially others using the affected Btrfs code path with simple quotas enabled.

For European organizations relying on Linux systems with Btrfs filesystems and quota management enabled, this vulnerability can lead to unexpected kernel panics or system crashes during filesystem mount operations. This disrupts availability of critical services and data access, especially in environments using Btrfs for storage management such as cloud infrastructure, virtualization hosts, or enterprise servers. The inability to mount affected filesystems without triggering a kernel BUG could result in downtime, data recovery efforts, and operational delays. Systems with automated reboot or recovery may enter crash loops or require manual intervention. Although no direct data corruption or privilege escalation is indicated, the denial of service impact on storage availability is significant. Organizations with high-availability requirements or those using Btrfs quotas for resource control must prioritize patching to avoid service interruptions. The lack of known exploits in the wild reduces immediate risk, but the reproducibility of the issue and its impact on system stability warrant urgent mitigation.

1. Apply the official Linux kernel patch that addresses CVE-2024-57806 as soon as it becomes available, ensuring the incompatibility bit is set atomically with the simple quota flag. 2. Until patched, avoid enabling simple quotas on Btrfs filesystems or refrain from unmounting and remounting filesystems immediately after enabling quotas to reduce exposure. 3. Implement robust backup and recovery procedures for Btrfs volumes to mitigate potential data unavailability from mount failures. 4. Monitor kernel logs for assertion failures or BUG messages related to btrfs_read_qgroup_config to detect attempts to mount affected filesystems. 5. For critical systems, consider temporarily disabling quota features or migrating data to alternative filesystems if patching is delayed. 6. Incorporate filesystem integrity checks and mount testing in maintenance windows to detect and remediate issues proactively. 7. Coordinate with Linux distribution vendors for timely kernel updates and security advisories.