Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: add a sanity check for btrfs root in btrfs_search_slot() Syzbot reports a null-ptr-deref in btrfs_search_slot(). The reproducer is using rescue=ibadroots, and the extent tree root is corrupted thus the extent tree is NULL. When scrub tries to search the extent tree to gather the needed extent info, btrfs_search_slot() doesn't check if the target root is NULL or not, resulting the null-ptr-deref. Add sanity check for btrfs root before using it in btrfs_search_slot().

INFO

Published Date :

2025-01-08T17:49:13.121Z

Last Modified :

2025-11-03T20:54:09.775Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-56774 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-56774.

URL Resource
https://git.kernel.org/stable/c/3ed51857a50f530ac7a1482e069dfbd1298558d4 cve-icon cve-icon
https://git.kernel.org/stable/c/757171d1369b3b47f36932d40a05a0715496dcab cve-icon cve-icon
https://git.kernel.org/stable/c/93992c3d9629b02dccf6849238559d5c24f2dece cve-icon cve-icon
https://git.kernel.org/stable/c/c71d114ef68c95da5a82ec85a721ab31f5bd905b cve-icon cve-icon
https://git.kernel.org/stable/c/db66fb87c21e8ae724886e6a464dcbac562a64c6 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html cve-icon
https://lore.kernel.org/linux-cve-announce/2025010811-CVE-2024-56774-e09f@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-56774 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-56774 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact