Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A reservation leak has been identified in the Linux kernel's Btrfs file system. It affects kernel versions prior to the commit that addresses the problem. In the `cow_file_range_inline` function, the code fails to free reserved quota group (qgroup) data if path allocation or transaction joining fails. The leak is reached during inline extent insertion, where the error-handling paths return without releasing the reserved resources.
The vulnerability causes a resource leak by failing to free reserved quota group data in certain error scenarios, which can lead to increased memory usage and potential exhaustion of available resources.
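The error-path pattern described above, shown as an added user-space model in C; it is not kernel code and not the upstream patch. Every name in it (`qgroup_model`, `insert_inline_leaky`, `insert_inline_fixed`, `leaked_after`), the 4096-byte reservation size and the `-EIO` error code are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Simplified user-space model, not kernel code. All names are hypothetical. */
#define RESERVE_BYTES 4096L                   /* constructed reservation size */

struct qgroup_model { long reserved; long used; };
enum fail_at { FAIL_NONE, FAIL_PATH_ALLOC, FAIL_JOIN_TRANS };
typedef int (*insert_fn)(struct qgroup_model *, enum fail_at);

/* Leaky shape: the two early returns skip the release of the reservation. */
static int insert_inline_leaky(struct qgroup_model *q, enum fail_at f)
{
    q->reserved += RESERVE_BYTES;             /* reserve before the insert */
    if (f == FAIL_PATH_ALLOC) return -ENOMEM; /* reservation left behind */
    if (f == FAIL_JOIN_TRANS) return -EIO;    /* reservation left behind */
    q->reserved -= RESERVE_BYTES;             /* success: reservation becomes usage */
    q->used += RESERVE_BYTES;
    return 0;
}

/* Corrected shape: every exit passes through one label that releases it. */
static int insert_inline_fixed(struct qgroup_model *q, enum fail_at f)
{
    int ret = 0;
    q->reserved += RESERVE_BYTES;
    if (f == FAIL_PATH_ALLOC) { ret = -ENOMEM; goto out; }
    if (f == FAIL_JOIN_TRANS) { ret = -EIO; goto out; }
    q->used += RESERVE_BYTES;                 /* success: account the usage */
out:
    q->reserved -= RESERVE_BYTES;             /* released on success and failure */
    return ret;
}

/* Run `rounds` attempts and return the bytes still reserved afterwards. */
static long leaked_after(insert_fn fn, enum fail_at f, int rounds)
{
    struct qgroup_model q = { 0, 0 };
    for (int i = 0; i < rounds; i++)
        fn(&q, f);
    return q.reserved;
}

int main(void)
{
    printf("leaky, path alloc fails x3: %ld bytes\n", leaked_after(insert_inline_leaky, FAIL_PATH_ALLOC, 3));
    printf("fixed, join trans fails x3: %ld bytes\n", leaked_after(insert_inline_fixed, FAIL_JOIN_TRANS, 3));
    return 0;
}
```

In the model the leaked amount grows linearly with the number of failed attempts, which is the signal to look for when monitoring qgroup reservations on an unpatched kernel.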
To reproduce this vulnerability, attempt to insert inline extents in a Btrfs file system using a version of the Linux kernel prior to the patch. Monitor the quota group data to observe the reservation leak, which occurs when the operation fails to allocate a path or join a transaction, yet the reserved data is not freed.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.