Linux Kernel Btrfs Ordered Extent Handling Vulnerability

A vulnerability in the Linux kernel's Btrfs file system has been addressed, related to the management of ordered extents during direct I/O operations. When a transaction abort occurs while writing data, existing ordered extents are marked with an error flag. If the system then attempts to split an ordered extent that still has remaining bytes, it triggers an assertion failure because of the error flag. This issue could lead to a denial-of-service condition by causing the kernel to crash or become unresponsive.

Impact

Exploitation of this vulnerability could cause a kernel panic, leading to a system crash and potential data loss.

Reproduction

The vulnerability can be reproduced by performing a direct I/O write operation on a Btrfs file system while simultaneously forcing a transaction abort. This can be achieved using a fault injection mechanism to simulate the transaction abort, which will mark the ordered extents with the error flag. After the transaction abort, the ordered extent can be split, triggering the assertion failure due to the presence of the error flag.

Remediation

Users should upgrade to the latest stable version of the Linux kernel where this vulnerability has been fixed.