Linux Kernel Btrfs Unexpected Generation Handling Vulnerability in Transaction Management

A vulnerability in the Linux kernel's Btrfs file system has been addressed. The issue arose in the function 'btrfs_copy_root()', where an unexpected generation in the extent buffer was only logged as a warning. This oversight allowed metadata with incorrect generation information to be saved. The vulnerability has been corrected by changing the behavior to abort the transaction and return an error code, preventing the persistence of such metadata.

Impact

The vulnerability could lead to the Btrfs file system allowing the persistence of metadata with incorrect generation information, potentially causing inconsistencies or corruption.

Reproduction

The vulnerability can be reproduced by triggering a Btrfs transaction that involves copying a root with an extent buffer that has an unexpected generation. This can be done by manipulating the transaction to include an extent buffer with a generation number that does not match the expected value, causing the 'btrfs_copy_root()' function to only issue a warning without aborting the transaction.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for updating the kernel can be found in the official Linux documentation.