CVE-2024-46753 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: btrfs: handle errors from btrfs_dec_ref() properly In walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is incorrect, we have proper error handling here, return the error.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0e4840ae09f375381167000ce47424818fcbcc7c
https://git.kernel.org/stable/c/2c4fe45351e544da4b8f10c74b277117a4fa7869
https://git.kernel.org/stable/c/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1
https://git.kernel.org/stable/c/67e4ca7ddc67ef949326b4dc404a9678bbe67d72
https://git.kernel.org/stable/c/9c8237021b53d52357c0de07a768582fafb2791d
https://git.kernel.org/stable/c/a7f16a7a709845855cb5a0e080a52bda5873f9de
https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46753-5ec2@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-46753
https://www.cve.org/CVERecord?id=CVE-2024-46753

History

Thu, 10 Apr 2025 13:15:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/0e4840ae09f375381167000ce47424818fcbcc7c https://git.kernel.org/stable/c/2c4fe45351e544da4b8f10c74b277117a4fa7869 https://git.kernel.org/stable/c/67e4ca7ddc67ef949326b4dc404a9678bbe67d72 https://git.kernel.org/stable/c/9c8237021b53d52357c0de07a768582fafb2791d

Fri, 22 Nov 2024 15:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-703

Sun, 29 Sep 2024 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 18 Sep 2024 14:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46753-5ec2@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-46753 https://www.cve.org/CVERecord?id=CVE-2024-46753
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 18 Sep 2024 07:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: btrfs: handle errors from btrfs_dec_ref() properly In walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is incorrect, we have proper error handling here, return the error.
Title		btrfs: handle errors from btrfs_dec_ref() properly
References		https://git.kernel.org/stable/c/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1 https://git.kernel.org/stable/c/a7f16a7a709845855cb5a0e080a52bda5873f9de

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-09-18T07:12:12.795Z

Updated: 2025-05-04T09:33:27.415Z

Reserved: 2024-09-11T15:12:18.269Z

Link: CVE-2024-46753

Vulnrichment

Updated: 2024-09-29T14:47:08.601Z

NVD

Status : Awaiting Analysis

Published: 2024-09-18T08:15:04.107

Modified: 2025-04-10T13:15:45.023

Link: CVE-2024-46753

Redhat

Severity : Low

Publid Date: 2024-09-18T00:00:00Z

Links: CVE-2024-46753 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-46753", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-09-11T15:12:18.269Z", "datePublished": "2024-09-18T07:12:12.795Z", "dateUpdated": "2025-05-04T09:33:27.415Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:33:27.415Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle errors from btrfs_dec_ref() properly\n\nIn walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is\nincorrect, we have proper error handling here, return the error."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/btrfs/extent-tree.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "0e4840ae09f375381167000ce47424818fcbcc7c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "2c4fe45351e544da4b8f10c74b277117a4fa7869", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "9c8237021b53d52357c0de07a768582fafb2791d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "67e4ca7ddc67ef949326b4dc404a9678bbe67d72", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "a7f16a7a709845855cb5a0e080a52bda5873f9de", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "5eb178f373b4f16f3b42d55ff88fc94dd95b93b1", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/btrfs/extent-tree.c"], "versions": [{"version": "5.10.236", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.180", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.134", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.87", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.10", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.236"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.180"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.134"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.87"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.10.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.11"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0e4840ae09f375381167000ce47424818fcbcc7c"}, {"url": "https://git.kernel.org/stable/c/2c4fe45351e544da4b8f10c74b277117a4fa7869"}, {"url": "https://git.kernel.org/stable/c/9c8237021b53d52357c0de07a768582fafb2791d"}, {"url": "https://git.kernel.org/stable/c/67e4ca7ddc67ef949326b4dc404a9678bbe67d72"}, {"url": "https://git.kernel.org/stable/c/a7f16a7a709845855cb5a0e080a52bda5873f9de"}, {"url": "https://git.kernel.org/stable/c/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1"}], "title": "btrfs: handle errors from btrfs_dec_ref() properly", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-29T14:47:04.487363Z", "id": "CVE-2024-46753", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-29T14:47:18.168Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-46753", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-29T14:47:04.487363Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-29T14:47:08.601Z"}}], "cna": {"title": "btrfs: handle errors from btrfs_dec_ref() properly", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "0e4840ae09f375381167000ce47424818fcbcc7c", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "2c4fe45351e544da4b8f10c74b277117a4fa7869", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "9c8237021b53d52357c0de07a768582fafb2791d", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "67e4ca7ddc67ef949326b4dc404a9678bbe67d72", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "a7f16a7a709845855cb5a0e080a52bda5873f9de", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "5eb178f373b4f16f3b42d55ff88fc94dd95b93b1", "versionType": "git"}], "programFiles": ["fs/btrfs/extent-tree.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.10.236", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.180", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.134", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.87", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.10", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/btrfs/extent-tree.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/0e4840ae09f375381167000ce47424818fcbcc7c"}, {"url": "https://git.kernel.org/stable/c/2c4fe45351e544da4b8f10c74b277117a4fa7869"}, {"url": "https://git.kernel.org/stable/c/9c8237021b53d52357c0de07a768582fafb2791d"}, {"url": "https://git.kernel.org/stable/c/67e4ca7ddc67ef949326b4dc404a9678bbe67d72"}, {"url": "https://git.kernel.org/stable/c/a7f16a7a709845855cb5a0e080a52bda5873f9de"}, {"url": "https://git.kernel.org/stable/c/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle errors from btrfs_dec_ref() properly\n\nIn walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is\nincorrect, we have proper error handling here, return the error."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.236"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.180"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.134"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.87"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.11"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:33:27.415Z"}}}, "cveMetadata": {"cveId": "CVE-2024-46753", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:33:27.415Z", "dateReserved": "2024-09-11T15:12:18.269Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-09-18T07:12:12.795Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle errors from btrfs_dec_ref() properly\n\nIn walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is\nincorrect, we have proper error handling here, return the error."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: manejo correcto de errores de btrfs_dec_ref() En walk_up_proc() ejecutamos BUG_ON(ret) desde btrfs_dec_ref(). Esto es incorrecto, aqu\u00ed tenemos un manejo correcto de errores, devolvemos el error."}], "id": "CVE-2024-46753", "lastModified": "2025-04-10T13:15:45.023", "metrics": {}, "published": "2024-09-18T08:15:04.107", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0e4840ae09f375381167000ce47424818fcbcc7c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2c4fe45351e544da4b8f10c74b277117a4fa7869"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/67e4ca7ddc67ef949326b4dc404a9678bbe67d72"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9c8237021b53d52357c0de07a768582fafb2791d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a7f16a7a709845855cb5a0e080a52bda5873f9de"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: btrfs: handle errors from btrfs_dec_ref() properly", "id": "2313101", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313101"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-703", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nbtrfs: handle errors from btrfs_dec_ref() properly\nIn walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is\nincorrect, we have proper error handling here, return the error."], "name": "CVE-2024-46753", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-09-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-46753\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-46753\nhttps://lore.kernel.org/linux-cve-announce/2024091839-CVE-2024-46753-5ec2@gregkh/T"], "threat_severity": "Low"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object