Linux Kernel Btrfs RAID1C23/DUP Allocation Profile Handling Vulnerability

A vulnerability in the Linux kernel's Btrfs file system has been addressed, specifically related to how allocation profiles are managed for RAID1C23 and DUP configurations. The issue arose because the function 'btrfs_reduce_alloc_profile' did not properly account for new profile flags introduced with the DUP and RAID1C34 profiles. This oversight could lead to the function returning multiple allocation profiles, causing a transaction abort error when the file system attempted to allocate new blocks. The file system would then be forced into a read-only state, requiring manual intervention to restore write capabilities.

Impact

Exploitation of this vulnerability could cause a file system transaction to abort, leading to a read-only state that prevents normal write operations. While the file system can be manually remounted with certain options, this does not fully resolve the issue, as it prevents the resumption of any interrupted balance operations.

Reproduction

The vulnerability can be reproduced by canceling a balance operation that is converting between unhandled RAID profiles, after at least one block has been allocated using the new profile. This will cause 'btrfs_reduce_alloc_profile' to return an incorrect allocation profile, leading to a transaction abort and forcing the file system into a read-only state.

Remediation

Users can upgrade to the patched version of the Linux kernel, which is available in the official Debian repositories. Instructions for upgrading the kernel can be found in the Debian documentation.