CVE-2024-46751

low-risk

Published 2024-09-18

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() Instead of doing a BUG_ON() handle the error by returning -EUCLEAN, aborting the transaction and logging an error message.

Do I need to act?

-

0.01% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

5

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (8)

https://git.kernel.org/stable/c/18eb53a2734ff61b9a72c4fef5db7b38cb48ae16

Patch https://git.kernel.org/stable/c/28cb13f29faf6290597b24b728dc3100c019356f

https://git.kernel.org/stable/c/3cfec712a439c5c5f5c718c5c669ee41a898f776

https://git.kernel.org/stable/c/9c309d2434abbe880712af7e60da9ead8b6703fe

https://git.kernel.org/stable/c/d64807ded1b6054f066e03d8add6d920f3db9e5d

Patch https://git.kernel.org/stable/c/ef9a8b73c8b60b27d9db4787e624a3438ffe8428

https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html

https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

23

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal