Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
- >= 6.0, < 6.0.10
A vulnerability in the Linux kernel's Btrfs file system has been addressed. The issue arose in version 6.0 of the kernel, where a BUG_ON() assertion in the btrfs_repair_io_failure() function was triggered while replacing a faulty disk. This occurred because the repair process attempted to write back sectors to a device that was not yet ready, causing a kernel panic. The vulnerability could lead to improper handling of disk replacement, potentially allowing read errors to be mismanaged during the repair process.
The vulnerability could cause a kernel panic, disrupting system operations and potentially leading to data loss or corruption.
The vulnerability can be reproduced by initiating a disk replacement process on a Btrfs file system with a device that has read errors. During the replacement, the btrfs_repair_io_failure() function will be called to address the errors. However, if the repair process attempts to write back to the replacement target device before it is ready, a BUG_ON() assertion will be triggered, causing a kernel panic.
Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been fixed. Instructions for upgrading the kernel can be found in the official Linux documentation.
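A host-side check for the affected range stated above (>= 6.0, < 6.0.10), added here as an example and not taken from the advisory or the kernel project: it parses a kernel release string and looks for mounted Btrfs file systems. The function names and verdict strings are hypothetical, and treating a mounted Btrfs file system as the exposure signal is an assumption. A version match on a distribution kernel only means the vendor changelog needs checking, because fixes can be backported without changing the base version.

```shell
#!/bin/sh
# Added example (not from the advisory): function names and verdict strings
# are hypothetical. Range checked: >= 6.0, < 6.0.10, as listed on this page.

# in_affected_range RELEASE -> exit status 0 if RELEASE is 6.0.0 .. 6.0.9
in_affected_range() {
    # Keep only the leading digits and dots, so distro suffixes such as
    # "-arch1-1" or "-300.fc37.x86_64" are ignored.
    ver=${1%%[!0-9.]*}
    old_ifs=$IFS
    IFS=.
    set -- $ver                 # split on dots into major, minor, patch
    IFS=$old_ifs
    major=${1:-0}
    minor=${2:-0}
    patch=${3:-0}
    [ "$major" -eq 6 ] && [ "$minor" -eq 0 ] && [ "$patch" -lt 10 ]
}

# btrfs_mounts [MOUNTS_FILE] -> prints mount points whose fs type is btrfs.
# Assumption: a mounted Btrfs file system is the exposure signal, since the
# crash described above happens while replacing a device in such a file system.
btrfs_mounts() {
    [ -r "${1:-/proc/mounts}" ] || return 0
    awk '$3 == "btrfs" { print $2 }' "${1:-/proc/mounts}"
}

# assess RELEASE MOUNTS_FILE -> prints one verdict string
assess() {
    if ! in_affected_range "$1"; then
        echo "not-in-range"
    elif [ -n "$(btrfs_mounts "$2")" ]; then
        echo "in-range-btrfs-mounted"
    else
        echo "in-range-no-btrfs"
    fi
}

# Evaluate the running host.
assess "$(uname -r)" /proc/mounts
```

An `in-range-btrfs-mounted` verdict is the case to prioritise for the upgrade, ideally before any planned device replacement on that host.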