{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-44963","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-08-21T05:34:56.667Z","datePublished":"2024-09-04T18:36:00.948Z","dateUpdated":"2026-01-05T10:52:43.919Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-01-05T10:52:43.919Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() when freeing tree block after error\n\nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to\ncreate a delayed reference we don't deal with the error and just do a\nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a\ncomment mentioning that only -ENOMEM can happen, but that is not true,\nbecause in case qgroups are enabled any error returned from\nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned\nfrom btrfs_search_slot() for example) can be propagated back to\nbtrfs_free_tree_block().\n\nSo stop doing a BUG_ON() and return the error to the callers and make\nthem abort the transaction to prevent leaking space. Syzbot was\ntriggering this, likely due to memory allocation failure injection."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/btrfs/ctree.c","fs/btrfs/extent-tree.c","fs/btrfs/extent-tree.h","fs/btrfs/free-space-tree.c","fs/btrfs/ioctl.c","fs/btrfs/qgroup.c"],"versions":[{"version":"fb235dc06fac9eaa4408ade9c8b20d45d63c89b7","lessThan":"22d907bcd283d69d5e60497fc0d51969545c583b","status":"affected","versionType":"git"},{"version":"fb235dc06fac9eaa4408ade9c8b20d45d63c89b7","lessThan":"98251cd60b4d702a8a81de442ab621e83a3fb24f","status":"affected","versionType":"git"},{"version":"fb235dc06fac9eaa4408ade9c8b20d45d63c89b7","lessThan":"bb3868033a4cccff7be57e9145f2117cbdc91c11","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/btrfs/ctree.c","fs/btrfs/extent-tree.c","fs/btrfs/extent-tree.h","fs/btrfs/free-space-tree.c","fs/btrfs/ioctl.c","fs/btrfs/qgroup.c"],"versions":[{"version":"4.11","status":"affected"},{"version":"0","lessThan":"4.11","status":"unaffected","versionType":"semver"},{"version":"6.6.64","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.10.5","lessThanOrEqual":"6.10.*","status":"unaffected","versionType":"semver"},{"version":"6.11","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"6.6.64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"6.10.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"6.11"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/22d907bcd283d69d5e60497fc0d51969545c583b"},{"url":"https://git.kernel.org/stable/c/98251cd60b4d702a8a81de442ab621e83a3fb24f"},{"url":"https://git.kernel.org/stable/c/bb3868033a4cccff7be57e9145f2117cbdc91c11"}],"title":"btrfs: do not BUG_ON() when freeing tree block after error","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-44963","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T17:39:41.059166Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-12T17:33:35.583Z"}}]}}