CVE-2024-46752

low-risk

Published 2024-09-18

In the Linux kernel, the following vulnerability has been resolved: btrfs: replace BUG_ON() with error handling at update_ref_for_cow() Instead of a BUG_ON() just return an error, log an error message and abort the transaction in case we find an extent buffer belonging to the relocation tree that doesn't have the full backref flag set. This is unexpected and should never happen (save for bugs or a potential bad memory).

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (6)

Patch https://git.kernel.org/stable/c/0fbac73a97286a7ec72229cb9b42d760a2c717ac

Patch https://git.kernel.org/stable/c/41a0f85e268d72fe04f731b8ceea4748c2d65491

Patch https://git.kernel.org/stable/c/b50857b96429a09fd3beed9f7f21b7bb7c433688

Patch https://git.kernel.org/stable/c/b56329a782314fde5b61058e2a25097af7ccb675

Patch https://git.kernel.org/stable/c/f895db00c65e5d77c437cce946da9ec29dcdf563

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal