SB2024060868 - Information disclosure in Linux kernel btrfs
Published: June 8, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024060868
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2024-35849)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the init_data_container() function in fs/btrfs/backref.c. A local user can gain access to sensitive information.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/689efe22e9b5b7d9d523119a9a5c3c17107a0772
- https://git.kernel.org/stable/c/73db209dcd4ae026021234d40cfcb2fb5b564b86
- https://git.kernel.org/stable/c/30189e54ba80e3209d34cfeea87b848f6ae025e6
- https://git.kernel.org/stable/c/e58047553a4e859dafc8d1d901e1de77c9dd922d
- https://git.kernel.org/stable/c/8bdbcfaf3eac42f98e5486b3d7e130fa287811f6
- https://git.kernel.org/stable/c/3a63cee1a5e14a3e52c19142c61dd5fcb524f6dc
- https://git.kernel.org/stable/c/fddc19631c51d9c17d43e9f822a7bc403af88d54
- https://git.kernel.org/stable/c/2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.313
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.216
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.158
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.275
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.90
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.30