CVE-2026-43359
Buffer Overflow Fix in Linux Kernel Btrfs
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's Btrfs filesystem, in the set received ioctl operation. When this ioctl is called with the same received UUID field for many subvolumes, it can cause an item overflow. The overflow triggers a transaction abort because some metadata updates have already been made before the failure.
The transaction abort causes the filesystem to switch into read-only (RO) mode. Importantly, this ioctl does not require administrative privileges (CAP_SYS_ADMIN); it only requires ownership of the subvolume, which means a non-admin user can exploit this.
The fix involves performing an early check for item overflow before starting a transaction, ensuring race safety by holding the subvol_sem semaphore in exclusive write mode.
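The ordering change described above, as an added example that is not kernel code and not part of the original page: a simplified single-threaded C model. `ITEM_MAX_ENTRIES`, `struct fs_model`, both function names and the use of `-EOVERFLOW` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
/* Simplified user-space model, not kernel code. ITEM_MAX_ENTRIES is a
 * hypothetical capacity of the item listing subvolumes per received UUID. */
#define ITEM_MAX_ENTRIES 4
struct fs_model {
    int uuid_item_entries; /* subvolumes already recorded under the UUID */
    int roots_updated;     /* metadata updates made inside transactions */
    bool read_only;        /* set when a transaction is aborted */
};

/* Pre-fix ordering: metadata is updated first, so a later overflow leaves
 * the transaction half done and it must be aborted. */
int set_received_unchecked(struct fs_model *fs)
{
    if (fs->read_only) return -EROFS;
    fs->roots_updated++; /* transaction started, metadata changed */
    if (fs->uuid_item_entries >= ITEM_MAX_ENTRIES) {
        fs->read_only = true; /* abort turns the filesystem read-only */
        return -EOVERFLOW;    /* assumed error code for this model */
    }
    fs->uuid_item_entries++;
    return 0;
}

/* Fixed ordering: check for overflow before any transaction starts. The page
 * says the kernel holds subvol_sem for write here; this model has no lock. */
int set_received_checked(struct fs_model *fs)
{
    if (fs->read_only) return -EROFS;
    if (fs->uuid_item_entries >= ITEM_MAX_ENTRIES)
        return -EOVERFLOW; /* nothing modified, nothing to abort */
    fs->roots_updated++;
    fs->uuid_item_entries++;
    return 0;
}

int main(void)
{
    struct fs_model a = {0, 0, false}, b = {0, 0, false};
    int ra = 0, rb = 0;
    for (int i = 0; i <= ITEM_MAX_ENTRIES; i++) {
        ra = set_received_unchecked(&a);
        rb = set_received_checked(&b);
    }
    printf("unchecked: ret=%d read_only=%d\n", ra, a.read_only);
    printf("checked:   ret=%d read_only=%d\n", rb, b.read_only);
    return 0;
}
```

Both variants reject the call that would overflow the item, but only the unchecked ordering leaves the modelled filesystem read-only afterwards.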
How can this vulnerability impact me?
This vulnerability can impact you by causing the BTRFS filesystem to become read-only unexpectedly. If exploited, a malicious user who owns a subvolume can trigger the overflow and transaction abort, forcing the filesystem into read-only mode.
This can disrupt normal operations, preventing write access to the filesystem and potentially causing service interruptions or data availability issues.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the Btrfs transaction abort caused by item overflow in the set received ioctl.
This fix includes an early check for item overflow before starting a transaction, preventing the filesystem from turning into read-only mode due to this issue.
Until the update is applied, restrict untrusted users from owning or accessing subvolumes to prevent exploitation, as the ioctl does not require admin privileges but does require subvolume ownership.