Linux Kernel Btrfs Free Space Tree Race Condition Vulnerability

A race condition vulnerability has been identified in the Linux kernel's Btrfs file system, specifically in the management of free space trees. When a free space root is deleted from the 'dirty cow only roots' list, the operation is performed without the necessary lock, leaving the list vulnerable to concurrent modifications. This unsynchronized manipulation can lead to various failures, including a general protection fault crash, by creating a race condition with other operations that modify the same list.

Impact

Exploitation of this vulnerability can cause a general protection fault, leading to a crash of the Btrfs process.

Reproduction

The vulnerability can be reproduced by deleting a free space tree from the 'dirty cow only roots' list without acquiring the appropriate lock. This can be done by manually removing the free space root while another process is concurrently adding a root to the list, creating a race condition that results in a crash.

Remediation

The vulnerability has been addressed by modifying the Btrfs free space tree management code to include the necessary locking before deleting a free space root from the list. Users should upgrade to the patched version of the Linux kernel.