Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: btrfs: add a sanity check for btrfs root in btrfs_search_slot() Syzbot reports a null-ptr-deref in btrfs_search_slot(). The reproducer is using rescue=ibadroots, and the extent tree root is corrupted thus the extent tree is NULL. When scrub tries to search the extent tree to gather the needed extent info, btrfs_search_slot() doesn't check if the target root is NULL or not, resulting the null-ptr-deref. Add sanity check for btrfs root before using it in btrfs_search_slot().
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.11, < 5.15.174 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/3ed51857a50f530ac7a1482e069dfbd1298558d4Patch
- https://git.kernel.org/stable/c/757171d1369b3b47f36932d40a05a0715496dcabPatch
- https://git.kernel.org/stable/c/93992c3d9629b02dccf6849238559d5c24f2decePatch
- https://git.kernel.org/stable/c/c71d114ef68c95da5a82ec85a721ab31f5bd905bPatch
- https://git.kernel.org/stable/c/db66fb87c21e8ae724886e6a464dcbac562a64c6Patch
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
FAQ
What is CVE-2024-56774?
CVE-2024-56774 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: btrfs: add a sanity check for btrfs root in btrfs_search_slot() Syzbot reports a null-ptr-deref in btrfs_search_slot(). The repro...
How severe is CVE-2024-56774?
CVE-2024-56774 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-56774?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.