CVE-2024-46753

In the Linux kernel, the following vulnerability has been resolved: btrfs: handle errors from btrfs_dec_ref() properly In walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is incorrect, we have proper error handling here, return the error.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0e4840ae09f375381167000ce47424818fcbcc7c	Patch
https://git.kernel.org/stable/c/2c4fe45351e544da4b8f10c74b277117a4fa7869	Patch
https://git.kernel.org/stable/c/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1	Patch
https://git.kernel.org/stable/c/67e4ca7ddc67ef949326b4dc404a9678bbe67d72	Patch
https://git.kernel.org/stable/c/9c8237021b53d52357c0de07a768582fafb2791d	Patch
https://git.kernel.org/stable/c/a7f16a7a709845855cb5a0e080a52bda5873f9de	Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

03 Nov 2025, 20:16

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html - () https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html -

Information

Published : 2024-09-18 08:15

Updated : 2025-11-03 20:16

NVD link : CVE-2024-46753

Mitre link : CVE-2024-46753

CVE.ORG link : CVE-2024-46753

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-617

Reachable Assertion

{"id": "CVE-2024-46753", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-09-18T08:15:04.107", "references": [{"url": "https://git.kernel.org/stable/c/0e4840ae09f375381167000ce47424818fcbcc7c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2c4fe45351e544da4b8f10c74b277117a4fa7869", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5eb178f373b4f16f3b42d55ff88fc94dd95b93b1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/67e4ca7ddc67ef949326b4dc404a9678bbe67d72", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9c8237021b53d52357c0de07a768582fafb2791d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a7f16a7a709845855cb5a0e080a52bda5873f9de", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-617"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle errors from btrfs_dec_ref() properly\n\nIn walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is\nincorrect, we have proper error handling here, return the error."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: manejo correcto de errores de btrfs_dec_ref() En walk_up_proc() ejecutamos BUG_ON(ret) desde btrfs_dec_ref(). Esto es incorrecto, aqu\u00ed tenemos un manejo correcto de errores, devolvemos el error."}], "lastModified": "2025-11-03T20:16:31.687", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA4D157D-0342-41B3-B1D5-87FB20A998BA", "versionEndExcluding": "5.10.236"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D19801C8-3D18-405D-9989-E6C9B30255FA", "versionEndExcluding": "5.15.180", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3985DEC3-0437-4177-BC42-314AB575285A", "versionEndExcluding": "6.1.134", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFF24260-49B1-4251-9477-C564CFDAD25B", "versionEndExcluding": "6.6.87", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED", "versionEndExcluding": "6.10.10", "versionStartIncluding": "6.7"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}