Linux Kernel Btrfs Superblock Handling Vulnerability in Overlay Filesystems

A vulnerability in the Linux kernel's handling of Btrfs file systems can lead to a system crash when an overlay file system is applied on top of Btrfs. The issue arises because the overlay's superblock is incorrectly referenced, causing a misassignment of the file system ID. This vulnerability affects the Linux kernel's stable group, specifically in versions prior to the latest commit that addresses the issue. The root cause is the tracepoint for the Btrfs synchronization event, which fails to retrieve the correct superblock when an overlay is used. Instead of accessing the Btrfs superblock directly, it inadvertently references the overlay's superblock, leading to a crash during the file system ID assignment.

Impact

Exploiting this vulnerability causes a system crash by mismanaging the file system's superblock information, particularly when an overlay file system is layered on top of Btrfs.

Reproduction

To reproduce this vulnerability, use a version of the Linux kernel that is prior to the patch addressing this issue. Apply an overlay file system on top of a Btrfs file system. During the Btrfs synchronization process, the overlay's superblock will be incorrectly referenced, leading to a crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for downloading the updated kernel can be found on the official Linux kernel website.