CVE & CISA-KEV Catalog

CVE-2024-57975

Severity: MEDIUM 5.5 (CVSS v3, NVD)

Description

In the Linux kernel, the following vulnerability has been resolved:

btrfs: do proper folio cleanup when run_delalloc_nocow() failed

[BUG]

With CONFIG_DEBUG_VM set, test case generic/476 has some chance to crash with the following VM_BUG_ON_FOLIO():

    BTRFS error (device dm-3): cow_file_range failed, start 1146880 end 1253375 len 106496 ret -28
    BTRFS error (device dm-3): run_delalloc_nocow failed, start 1146880 end 1253375 len 106496 ret -28
    page: refcount:4 mapcount:0 mapping:00000000592787cc index:0x12 pfn:0x10664
    aops:btrfs_aops [btrfs] ino:101 dentry name(?):"f1774"
    flags: 0x2fffff80004028(uptodate|lru|private|node=0|zone=2|lastcpupid=0xfffff)
    page dumped because: VM_BUG_ON_FOLIO(!folio_test_locked(folio))
    ------------[ cut here ]------------
    kernel BUG at mm/page-writeback.c:2992!
    Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
    CPU: 2 UID: 0 PID: 3943513 Comm: kworker/u24:15 Tainted: G OE 6.12.0-rc7-custom+ #87
    Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
    Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
    Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]
    pc : folio_clear_dirty_for_io+0x128/0x258
    lr : folio_clear_dirty_for_io+0x128/0x258
    Call trace:
     folio_clear_dirty_for_io+0x128/0x258
     btrfs_folio_clamp_clear_dirty+0x80/0xd0 [btrfs]
     __process_folios_contig+0x154/0x268 [btrfs]
     extent_clear_unlock_delalloc+0x5c/0x80 [btrfs]
     run_delalloc_nocow+0x5f8/0x760 [btrfs]
     btrfs_run_delalloc_range+0xa8/0x220 [btrfs]
     writepage_delalloc+0x230/0x4c8 [btrfs]
     extent_writepage+0xb8/0x358 [btrfs]
     extent_write_cache_pages+0x21c/0x4e8 [btrfs]
     btrfs_writepages+0x94/0x150 [btrfs]
     do_writepages+0x74/0x190
     filemap_fdatawrite_wbc+0x88/0xc8
     start_delalloc_inodes+0x178/0x3a8 [btrfs]
     btrfs_start_delalloc_roots+0x174/0x280 [btrfs]
     shrink_delalloc+0x114/0x280 [btrfs]
     flush_space+0x250/0x2f8 [btrfs]
     btrfs_async_reclaim_data_space+0x180/0x228 [btrfs]
     process_one_work+0x164/0x408
     worker_thread+0x25c/0x388
     kthread+0x100/0x118
     ret_from_fork+0x10/0x20
    Code: 910a8021 a90363f7 a9046bf9 94012379 (d4210000)
    ---[ end trace 0000000000000000 ]---

[CAUSE]

The first two lines of extra debug messages show the problem is caused by the error handling of run_delalloc_nocow().

E.g. we have the following dirtied range (4K blocksize 4K page size):

    0                 16K                  32K
    |//////////////////////////////////////|
    |  Pre-allocated  |

And the range [0, 16K) has a preallocated extent.

- Enter run_delalloc_nocow() for range [0, 16K)
  Which found range [0, 16K) is preallocated, can do the proper NOCOW write.

- Enter fallback_to_cow() for range [16K, 32K)
  Since the range [16K, 32K) is not backed by preallocated extent, we have to go COW.

- cow_file_range() failed for range [16K, 32K)
  So cow_file_range() will do the clean up by clearing folio dirty, unlock the folios.
  Now the folios in range [16K, 32K) are unlocked.

- Enter extent_clear_unlock_delalloc() from run_delalloc_nocow()
  Which is called with PAGE_START_WRITEBACK to start page writeback.
  But folios can only be marked writeback when they are properly locked, thus this triggered the VM_BUG_ON_FOLIO().

Furthermore there is another hidden but common bug that run_delalloc_nocow() is not clearing the folio dirty flags in its error handling path. This is the common bug shared between run_delalloc_nocow() and cow_file_range().

[FIX]

- Clear folio dirty for range [@start, @cur_offset)
  Introduce a helper, cleanup_dirty_folios(), which will find and lock the folio in the range, clear the dirty flag and start/end the writeback, with the extra handling for the @locked_folio.

- Introduce a helper to clear folio dirty, start and end writeback

- Introduce a helper to record the last failed COW range end
  This is to trace which range we should skip, to avoid double unlocking.

- Skip the failed COW range for the e ---truncated---

How to fix

Remediation Available
linux (Debian): fixed in 6.12.13-1 (CVE-2024-57975)
linux (Ubuntu): fixed in 6.8.0-64.67 (USN-7651-1)
linux-aws (Ubuntu): fixed in 6.8.0-1032.34 (USN-7651-1)
linux-aws-6.8 (Ubuntu): fixed in 6.8.0-1032.34~22.04.1 (USN-7651-3)
linux-azure (Ubuntu): fixed in 6.8.0-1034.39 (USN-7737-1)
linux-azure-6.8 (Ubuntu): fixed in 6.8.0-1034.39~22.04.1 (USN-7737-1)
linux-azure-nvidia (Ubuntu): fixed in 6.8.0-1022.23 (USN-7737-1)
linux-gcp (Ubuntu): fixed in 6.8.0-1033.35 (USN-7651-4)
linux-gcp-6.8 (Ubuntu): fixed in 6.8.0-1033.35~22.04.1 (USN-7651-4)
linux-gke (Ubuntu): fixed in 6.8.0-1028.32 (USN-7651-3)
linux-gkeop (Ubuntu): fixed in 6.8.0-1015.17 (USN-7651-3)
linux-hwe-6.8 (Ubuntu): fixed in 6.8.0-64.67~22.04.1 (USN-7653-1)
linux-ibm (Ubuntu): fixed in 6.8.0-1029.29 (USN-7651-2)
linux-ibm-6.8 (Ubuntu): fixed in 6.8.0-1029.29~22.04.1 (USN-7651-2)
linux-image-6.8.0-1015-gkeop (Ubuntu): fixed in 6.8.0-1015.17 (USN-7651-3)
linux-image-6.8.0-1022-azure-nvidia (Ubuntu): fixed in 6.8.0-1022.23 (USN-7737-1)
linux-image-6.8.0-1028-gke (Ubuntu): fixed in 6.8.0-1028.32 (USN-7651-3)
linux-image-6.8.0-1029-ibm (Ubuntu): fixed in 6.8.0-1029.29~22.04.1 (USN-7651-2); 6.8.0-1029.29 (USN-7651-2)
linux-image-6.8.0-1029-oracle (Ubuntu): fixed in 6.8.0-1029.30~22.04.1 (USN-7651-3); 6.8.0-1029.30 (USN-7651-3)
linux-image-6.8.0-1029-oracle-64k (Ubuntu): fixed in 6.8.0-1029.30~22.04.1 (USN-7651-3); 6.8.0-1029.30 (USN-7651-3)
linux-image-6.8.0-1031-nvidia (Ubuntu): fixed in 6.8.0-1031.34~22.04.1 (USN-7651-3); 6.8.0-1031.34 (USN-7651-3)
linux-image-6.8.0-1031-nvidia-64k (Ubuntu): fixed in 6.8.0-1031.34~22.04.1 (USN-7651-3); 6.8.0-1031.34 (USN-7651-3)
linux-image-6.8.0-1031-nvidia-lowlatency (Ubuntu): fixed in 6.8.0-1031.34.1 (USN-7651-3)
linux-image-6.8.0-1031-nvidia-lowlatency-64k (Ubuntu): fixed in 6.8.0-1031.34.1 (USN-7651-3)
linux-image-6.8.0-1031-oem (Ubuntu): fixed in 6.8.0-1031.31 (USN-7651-1)
linux-image-6.8.0-1031-raspi (Ubuntu): fixed in 6.8.0-1031.35 (USN-7651-6)
linux-image-6.8.0-1032-aws (Ubuntu): fixed in 6.8.0-1032.34~22.04.1 (USN-7651-3); 6.8.0-1032.34 (USN-7651-1)
linux-image-6.8.0-1032-aws-64k (Ubuntu): fixed in 6.8.0-1032.34~22.04.1 (USN-7651-3); 6.8.0-1032.34 (USN-7651-1)
linux-image-6.8.0-1033-gcp (Ubuntu): fixed in 6.8.0-1033.35~22.04.1 (USN-7651-4); 6.8.0-1033.35 (USN-7651-4)
linux-image-6.8.0-1033-gcp-64k (Ubuntu): fixed in 6.8.0-1033.35~22.04.1 (USN-7651-4); 6.8.0-1033.35 (USN-7651-4)
linux-image-6.8.0-1034-azure (Ubuntu): fixed in 6.8.0-1034.39~22.04.1 (USN-7737-1); 6.8.0-1034.39 (USN-7737-1)
linux-image-6.8.0-1034-azure-fde (Ubuntu): fixed in 6.8.0-1034.39~22.04.1 (USN-7737-1); 6.8.0-1034.39 (USN-7737-1)
linux-image-6.8.0-2026-raspi-realtime (Ubuntu): fixed in 6.8.0-2026.27 (USN-7651-5)
linux-image-6.8.0-64-generic (Ubuntu): fixed in 6.8.0-64.67~22.04.1 (USN-7653-1); 6.8.0-64.67 (USN-7651-1)
linux-image-6.8.0-64-generic-64k (Ubuntu): fixed in 6.8.0-64.67~22.04.1 (USN-7653-1); 6.8.0-64.67 (USN-7651-1)
linux-image-6.8.0-64-lowlatency (Ubuntu): fixed in 6.8.0-64.67.1~22.04.1 (USN-7651-2); 6.8.0-64.67.1 (USN-7651-2)
linux-image-6.8.0-64-lowlatency-64k (Ubuntu): fixed in 6.8.0-64.67.1~22.04.1 (USN-7651-2); 6.8.0-64.67.1 (USN-7651-2)
linux-image-6.8.1-1025-realtime (Ubuntu): fixed in 6.8.1-1025.26 (USN-7652-1)
linux-image-aws (Ubuntu): fixed in 6.8.0-1032.34~22.04.1 (USN-7651-3)
linux-image-aws-6.8 (Ubuntu): fixed in 6.8.0-1032.34~22.04.1 (USN-7651-3); 6.8.0-1032.34 (USN-7651-1)
linux-image-aws-64k (Ubuntu): fixed in 6.8.0-1032.34~22.04.1 (USN-7651-3)
linux-image-aws-64k-6.8 (Ubuntu): fixed in 6.8.0-1032.34~22.04.1 (USN-7651-3); 6.8.0-1032.34 (USN-7651-1)
linux-image-aws-64k-lts-24.04 (Ubuntu): fixed in 6.8.0-1032.34 (USN-7651-1)
linux-image-aws-lts-24.04 (Ubuntu): fixed in 6.8.0-1032.34 (USN-7651-1)
linux-image-azure (Ubuntu): fixed in 6.8.0-1034.39~22.04.1 (USN-7737-1)
linux-image-azure-6.8 (Ubuntu): fixed in 6.8.0-1034.39~22.04.1 (USN-7737-1); 6.8.0-1034.39 (USN-7737-1)
linux-image-azure-fde (Ubuntu): fixed in 6.8.0-1034.39~22.04.1 (USN-7737-1)
linux-image-azure-fde-6.8 (Ubuntu): fixed in 6.8.0-1034.39~22.04.1 (USN-7737-1); 6.8.0-1034.39 (USN-7737-1)
linux-image-azure-fde-lts-24.04 (Ubuntu): fixed in 6.8.0-1034.39 (USN-7737-1)
linux-image-azure-lts-24.04 (Ubuntu): fixed in 6.8.0-1034.39 (USN-7737-1)
linux-image-azure-nvidia (Ubuntu): fixed in 6.8.0-1022.23 (USN-7737-1)
linux-image-azure-nvidia-6.8 (Ubuntu): fixed in 6.8.0-1022.23 (USN-7737-1)
linux-image-azure-nvidia-lts-24.04 (Ubuntu): fixed in 6.8.0-1022.23 (USN-7737-1)
linux-image-gcp (Ubuntu): fixed in 6.8.0-1033.35~22.04.1 (USN-7651-4)
linux-image-gcp-6.8 (Ubuntu): fixed in 6.8.0-1033.35~22.04.1 (USN-7651-4); 6.8.0-1033.35 (USN-7651-4)
linux-image-gcp-64k (Ubuntu): fixed in 6.8.0-1033.35~22.04.1 (USN-7651-4)
linux-image-gcp-64k-6.8 (Ubuntu): fixed in 6.8.0-1033.35~22.04.1 (USN-7651-4); 6.8.0-1033.35 (USN-7651-4)
linux-image-gcp-64k-lts-24.04 (Ubuntu): fixed in 6.8.0-1033.35 (USN-7651-4)
linux-image-gcp-lts-24.04 (Ubuntu): fixed in 6.8.0-1033.35 (USN-7651-4)
linux-image-generic (Ubuntu): fixed in 6.8.0-64.67 (USN-7651-1)
linux-image-generic-6.8 (Ubuntu): fixed in 6.8.0-64.67~22.04.1 (USN-7653-1); 6.8.0-64.67 (USN-7651-1)
linux-image-generic-64k (Ubuntu): fixed in 6.8.0-64.67 (USN-7651-1)
linux-image-generic-64k-6.8 (Ubuntu): fixed in 6.8.0-64.67~22.04.1 (USN-7653-1); 6.8.0-64.67 (USN-7651-1)
linux-image-generic-64k-hwe-22.04 (Ubuntu): fixed in 6.8.0-64.67~22.04.1 (USN-7653-1)
linux-image-generic-hwe-22.04 (Ubuntu): fixed in 6.8.0-64.67~22.04.1 (USN-7653-1)
linux-image-generic-lpae (Ubuntu): fixed in 6.8.0-64.67 (USN-7651-1)
linux-image-gke (Ubuntu): fixed in 6.8.0-1028.32 (USN-7651-3)
linux-image-gke-6.8 (Ubuntu): fixed in 6.8.0-1028.32 (USN-7651-3)
linux-image-gkeop (Ubuntu): fixed in 6.8.0-1015.17 (USN-7651-3)
linux-image-gkeop-6.8 (Ubuntu): fixed in 6.8.0-1015.17 (USN-7651-3)
linux-image-ibm (Ubuntu): fixed in 6.8.0-1029.29 (USN-7651-2)
linux-image-ibm-6.8 (Ubuntu): fixed in 6.8.0-1029.29~22.04.1 (USN-7651-2); 6.8.0-1029.29 (USN-7651-2)
linux-image-ibm-classic (Ubuntu): fixed in 6.8.0-1029.29 (USN-7651-2)
linux-image-ibm-lts-24.04 (Ubuntu): fixed in 6.8.0-1029.29 (USN-7651-2)
linux-image-kvm (Ubuntu): fixed in 6.8.0-64.67 (USN-7651-1)
linux-image-lowlatency (Ubuntu): fixed in 6.8.0-64.67.1 (USN-7651-2)
linux-image-lowlatency-6.8 (Ubuntu): fixed in 6.8.0-64.67.1~22.04.1 (USN-7651-2); 6.8.0-64.67.1 (USN-7651-2)
linux-image-lowlatency-64k (Ubuntu): fixed in 6.8.0-64.67.1 (USN-7651-2)
linux-image-lowlatency-64k-6.8 (Ubuntu): fixed in 6.8.0-64.67.1~22.04.1 (USN-7651-2); 6.8.0-64.67.1 (USN-7651-2)
linux-image-lowlatency-64k-hwe-22.04 (Ubuntu): fixed in 6.8.0-64.67.1~22.04.1 (USN-7651-2)
linux-image-lowlatency-hwe-22.04 (Ubuntu): fixed in 6.8.0-64.67.1~22.04.1 (USN-7651-2)
linux-image-nvidia (Ubuntu): fixed in 6.8.0-1031.34 (USN-7651-3)
linux-image-nvidia-6.8 (Ubuntu): fixed in 6.8.0-1031.34~22.04.1 (USN-7651-3); 6.8.0-1031.34 (USN-7651-3)
linux-image-nvidia-64k (Ubuntu): fixed in 6.8.0-1031.34 (USN-7651-3)
linux-image-nvidia-64k-6.8 (Ubuntu): fixed in 6.8.0-1031.34~22.04.1 (USN-7651-3); 6.8.0-1031.34 (USN-7651-3)
linux-image-nvidia-64k-hwe-22.04 (Ubuntu): fixed in 6.8.0-1031.34~22.04.1 (USN-7651-3)
linux-image-nvidia-hwe-22.04 (Ubuntu): fixed in 6.8.0-1031.34~22.04.1 (USN-7651-3)
linux-image-nvidia-lowlatency (Ubuntu): fixed in 6.8.0-1031.34.1 (USN-7651-3)
linux-image-nvidia-lowlatency-6.8 (Ubuntu): fixed in 6.8.0-1031.34.1 (USN-7651-3)
linux-image-nvidia-lowlatency-64k (Ubuntu): fixed in 6.8.0-1031.34.1 (USN-7651-3)
linux-image-nvidia-lowlatency-64k-6.8 (Ubuntu): fixed in 6.8.0-1031.34.1 (USN-7651-3)
linux-image-oem-22.04 (Ubuntu): fixed in 6.8.0-64.67~22.04.1 (USN-7653-1)
linux-image-oem-22.04a (Ubuntu): fixed in 6.8.0-64.67~22.04.1 (USN-7653-1)
linux-image-oem-22.04b (Ubuntu): fixed in 6.8.0-64.67~22.04.1 (USN-7653-1)
linux-image-oem-22.04c (Ubuntu): fixed in 6.8.0-64.67~22.04.1 (USN-7653-1)
linux-image-oem-22.04d (Ubuntu): fixed in 6.8.0-64.67~22.04.1 (USN-7653-1)
linux-image-oem-24.04 (Ubuntu): fixed in 6.8.0-1031.31 (USN-7651-1)
linux-image-oem-24.04a (Ubuntu): fixed in 6.8.0-1031.31 (USN-7651-1)
linux-image-oem-6.8 (Ubuntu): fixed in 6.8.0-1031.31 (USN-7651-1)
linux-image-oracle (Ubuntu): fixed in 6.8.0-1029.30~22.04.1 (USN-7651-3)
linux-image-oracle-6.8 (Ubuntu): fixed in 6.8.0-1029.30~22.04.1 (USN-7651-3); 6.8.0-1029.30 (USN-7651-3)
linux-image-oracle-64k (Ubuntu): fixed in 6.8.0-1029.30~22.04.1 (USN-7651-3)
linux-image-oracle-64k-6.8 (Ubuntu): fixed in 6.8.0-1029.30~22.04.1 (USN-7651-3); 6.8.0-1029.30 (USN-7651-3)
linux-image-oracle-64k-lts-24.04 (Ubuntu): fixed in 6.8.0-1029.30 (USN-7651-3)
linux-image-oracle-lts-24.04 (Ubuntu): fixed in 6.8.0-1029.30 (USN-7651-3)
linux-image-raspi (Ubuntu): fixed in 6.8.0-1031.35 (USN-7651-6)
linux-image-raspi-6.8 (Ubuntu): fixed in 6.8.0-1031.35 (USN-7651-6)
linux-image-raspi-realtime (Ubuntu): fixed in 6.8.0-2026.27 (USN-7651-5)
linux-image-raspi-realtime-6.8 (Ubuntu): fixed in 6.8.0-2026.27 (USN-7651-5)
linux-image-realtime (Ubuntu): fixed in 6.8.1-1025.26 (USN-7652-1)
linux-image-realtime-6.8.1 (Ubuntu): fixed in 6.8.1-1025.26 (USN-7652-1)
linux-image-virtual (Ubuntu): fixed in 6.8.0-64.67 (USN-7651-1)
linux-image-virtual-6.8 (Ubuntu): fixed in 6.8.0-64.67~22.04.1 (USN-7653-1); 6.8.0-64.67 (USN-7651-1)
linux-image-virtual-hwe-22.04 (Ubuntu): fixed in 6.8.0-64.67~22.04.1 (USN-7653-1)
linux-lowlatency (Ubuntu): fixed in 6.8.0-64.67.1 (USN-7651-2)
linux-lowlatency-hwe-6.8 (Ubuntu): fixed in 6.8.0-64.67.1~22.04.1 (USN-7651-2)
linux-nvidia (Ubuntu): fixed in 6.8.0-1031.34 (USN-7651-3)
linux-nvidia-6.8 (Ubuntu): fixed in 6.8.0-1031.34~22.04.1 (USN-7651-3)
linux-nvidia-lowlatency (Ubuntu): fixed in 6.8.0-1031.34.1 (USN-7651-3)
linux-oem-6.8 (Ubuntu): fixed in 6.8.0-1031.31 (USN-7651-1)
linux-oracle (Ubuntu): fixed in 6.8.0-1029.30 (USN-7651-3)
linux-oracle-6.8 (Ubuntu): fixed in 6.8.0-1029.30~22.04.1 (USN-7651-3)
linux-raspi (Ubuntu): fixed in 6.8.0-1031.35 (USN-7651-6)
linux-raspi-realtime (Ubuntu): fixed in 6.8.0-2026.27 (USN-7651-5)
linux-realtime (Ubuntu): fixed in 6.8.1-1025.26 (USN-7652-1)

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Impact

Confidentiality: None
Integrity: None
Availability: High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.19% probability of exploitation in 30 days
9th percentile

Low risk: more likely to be exploited than 9% of all known CVEs.


This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-10-23.