CVE-2024-58089: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix double accounting race when btrfs_run_delalloc_range() failed

[BUG]
When running btrfs with block size (4K) smaller than page size (64K, aarch64), there is a very high chance to crash the kernel at generic/750, with the following messages:
(before the call traces, there are 3 extra debug messages added)

  BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental
  BTRFS info (device dm-3): checking UUID tree
  hrtimer: interrupt took 5451385 ns
  BTRFS error (device dm-3): cow_file_range failed, root=4957 inode=257 start=1605632 len=69632: -28
  BTRFS error (device dm-3): run_delalloc_nocow failed, root=4957 inode=257 start=1605632 len=69632: -28
  BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28
  ------------[ cut here ]------------
  WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs]
  CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G OE 6.13.0-rc1-custom+ #89
  Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
  Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
  Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]
  pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs]
  lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs]
  Call trace:
   can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P)
   can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L)
   btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs]
   extent_writepage+0x10c/0x3b8 [btrfs]
   extent_write_cache_pages+0x21c/0x4e8 [btrfs]
   btrfs_writepages+0x94/0x160 [btrfs]
   do_writepages+0x74/0x190
   filemap_fdatawrite_wbc+0x74/0xa0
   start_delalloc_inodes+0x17c/0x3b0 [btrfs]
   btrfs_start_delalloc_roots+0x17c/0x288 [btrfs]
   shrink_delalloc+0x11c/0x280 [btrfs]
   flush_space+0x288/0x328 [btrfs]
   btrfs_async_reclaim_data_space+0x180/0x228 [btrfs]
   process_one_work+0x228/0x680
   worker_thread+0x1bc/0x360
   kthread+0x100/0x118
   ret_from_fork+0x10/0x20
  ---[ end trace 0000000000000000 ]---
  BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0
  BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0
  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
  BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0
  CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G W OE 6.13.0-rc1-custom+ #89
  Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
  Workqueue: btrfs_work_helper [btrfs] (btrfs-endio-write)
  pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
  pc : process_one_work+0x110/0x680
  lr : worker_thread+0x1bc/0x360
  Call trace:
   process_one_work+0x110/0x680 (P)
   worker_thread+0x1bc/0x360 (L)
   worker_thread+0x1bc/0x360
   kthread+0x100/0x118
   ret_from_fork+0x10/0x20
  Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661)
  ---[ end trace 0000000000000000 ]---
  Kernel panic - not syncing: Oops: Fatal exception
  SMP: stopping secondary CPUs
  SMP: failed to stop secondary CPUs 2-3
  Dumping ftrace buffer:
   (ftrace buffer empty)
  Kernel Offset: 0x275bb9540000 from 0xffff800080000000
  PHYS_OFFSET: 0xffff8fbba0000000
  CPU features: 0x100,00000070,00801250,8201720b

[CAUSE]
The above warning is triggered immediately after the delalloc range failure, this happens in the following sequence:

- Range [1568K, 1636K) is dirty

    1536K  1568K     1600K    1636K  1664K
    |      |/////////|////////|      |

  Where 1536K, 1600K and 1664K are page boundaries (64K page size)

- Enter extent_writepage() for page 1536K

- Enter run_delalloc_nocow() with locke ---truncated---
AI Analysis
Technical Summary
CVE-2024-58089 is a vulnerability identified in the Linux kernel's Btrfs filesystem implementation, specifically related to the handling of delayed allocation (delalloc) ranges. The flaw arises when Btrfs is configured with a block size smaller than the system's page size, for example, a 4KB block size with a 64KB page size on an aarch64 architecture. Under these conditions, a race condition occurs during the double accounting of ordered extents when the function btrfs_run_delalloc_range() fails. This leads to inconsistent accounting of ordered extents, triggering kernel warnings and errors such as 'cow_file_range failed' and 'run_delalloc_nocow failed'. The issue can escalate to a kernel NULL pointer dereference and ultimately cause a kernel panic, resulting in a system crash. The vulnerability is reproducible in environments using Btrfs with these specific block and page size configurations, including virtualized environments like QEMU KVM. The root cause is a race condition in the ordered extent accounting logic during delayed allocation failure scenarios, which corrupts internal Btrfs data structures and destabilizes the kernel. This vulnerability affects Linux kernel versions identified by specific commit hashes referenced in the report and has been publicly disclosed without an assigned CVSS score or known exploits in the wild to date.
Potential Impact
For European organizations, the impact of CVE-2024-58089 can be significant, particularly for those relying on Linux systems with Btrfs filesystems configured with smaller block sizes than the page size, which is common in certain ARM64/aarch64 deployments and virtualized environments. The vulnerability can cause kernel panics leading to system crashes and downtime, affecting availability of critical services and infrastructure. This is especially impactful for data centers, cloud providers, and enterprises using Btrfs for storage management, snapshots, or RAID configurations. The integrity of data could also be at risk due to corrupted extent accounting, potentially leading to data loss or filesystem corruption. Since the flaw can be triggered by kernel-level operations, it may be exploited by local users or processes with sufficient privileges, raising concerns for multi-tenant environments and shared hosting providers. The lack of known exploits suggests limited immediate threat, but the severity of potential system crashes warrants prompt attention. Disruptions caused by this vulnerability could affect sectors such as finance, telecommunications, and public services across Europe, where Linux-based infrastructure is prevalent.
Mitigation Recommendations
Mitigation requires applying the official Linux kernel patches that address the double accounting race condition in Btrfs delayed allocation handling. Organizations should:
1) Identify all Linux systems using Btrfs with block sizes smaller than the page size, especially on aarch64 architectures or virtualized platforms.
2) Upgrade to the latest stable Linux kernel versions that include the fix for CVE-2024-58089, ensuring kernel versions correspond to patched commit hashes.
3) Where immediate patching is not feasible, consider temporarily avoiding configurations with mismatched block and page sizes or disabling Btrfs delayed allocation features if possible.
4) Implement robust monitoring for kernel warnings related to Btrfs and kernel panics to detect early signs of exploitation or instability.
5) In virtualized environments, ensure hypervisor and guest configurations align to avoid experimental or unsupported block/page size combinations.
6) Conduct thorough testing of kernel updates in staging environments to prevent regressions.
7) Maintain strict access controls to limit local user privileges, reducing the risk of exploitation.
These steps go beyond generic advice by focusing on configuration specifics and environment-aware patch management.
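One way to carry out steps 1 and 4 on a single host, as an added example (not code from the kernel patch or from this page's source): it lists mounted Btrfs filesystems whose sector size is below the page size and groups the accounting messages quoted in the description by device, root and inode. It assumes the /sys/fs/btrfs/<FSID>/sectorsize sysfs attribute; the function names are illustrative and the sample lines are copied from the log above.

```python
import os
import re
from pathlib import Path

# Signatures taken from the kernel log quoted in the CVE description.
FAIL_RE = re.compile(r"BTRFS error \(device (?P<dev>[^)]+)\): failed to run "
                     r"delalloc range, root=(?P<root>\d+) ino=(?P<ino>\d+)")
OE_RE = re.compile(r"BTRFS critical \(device (?P<dev>[^)]+)\): bad ordered extent "
                   r"accounting, root=(?P<root>\d+) ino=(?P<ino>\d+) "
                   r"OE offset=(?P<off>\d+) OE len=(?P<len>\d+)")
WARN_RE = re.compile(r"WARNING: .*\bcan_finish_ordered_extent\b")

# Lines copied from the description above, used as offline sample input.
SAMPLE_LOG = """\
BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28
WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs]
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0
BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0
""".splitlines()


def subpage_filesystems(sysfs_root="/sys/fs/btrfs", page_size=None):
    """Return {fsid: sectorsize} for mounted btrfs with sectorsize < page size."""
    page_size = page_size or os.sysconf("SC_PAGE_SIZE")
    sizes = {p.parent.name: int(p.read_text())
             for p in Path(sysfs_root).glob("*/sectorsize")}
    return {fsid: s for fsid, s in sorted(sizes.items()) if s < page_size}


def scan_kernel_log(lines):
    """Count the WARNING and group the btrfs messages by (device, root, inode)."""
    report = {"warnings": 0, "inodes": {}}
    for line in lines:
        report["warnings"] += bool(WARN_RE.search(line))
        for rx in (FAIL_RE, OE_RE):
            m = rx.search(line)
            if m:
                key = (m["dev"], int(m["root"]), int(m["ino"]))
                entry = report["inodes"].setdefault(key, {"failed": 0, "bad_oe": []})
                if rx is FAIL_RE:
                    entry["failed"] += 1
                else:
                    entry["bad_oe"].append((int(m["off"]), int(m["len"])))
    return report


if __name__ == "__main__":
    print(subpage_filesystems(), scan_kernel_log(SAMPLE_LOG))
```

A delalloc failure followed by "bad ordered extent accounting" for the same inode on a host that subpage_filesystems() reports is the pattern shown in the description; feed scan_kernel_log() the lines of the kernel log you collect.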
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Denmark, Ireland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-03-06T15:52:09.187Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9820c4522896dcbdd26d
Added to database: 5/21/2025, 9:08:48 AM
Last enriched: 6/27/2025, 11:10:02 PM
Last updated: 7/26/2025, 6:59:09 AM