SB2024073112 - Memory leak in Linux kernel btrfs
Published: July 31, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024073112
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2024-41078)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the btrfs_quota_disable() function in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/94818bdb00ef34a996a06aa63d11f591074cb757
- https://git.kernel.org/stable/c/8a69529f22590b67bb018de9acbcf94abc8603cf
- https://git.kernel.org/stable/c/5ef3961682e5310f2221bae99bcf9f5d0f4b0d51
- https://git.kernel.org/stable/c/f88aeff5a173e8ba3133314eb4b964236ef3589d
- https://git.kernel.org/stable/c/7dd6a5b96157a21245566b21fd58276a214357ff
- https://git.kernel.org/stable/c/a7e4c6a3031c74078dba7fa36239d0f4fe476c53
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.223
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.164
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.101
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.42