CVE-2023-54121

EUVD-2023-60324
In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix incorrect splitting in btrfs_drop_extent_map_range

In production we were seeing a variety of WARN_ON()'s in the extent_map
code, specifically in btrfs_drop_extent_map_range() when we have to call
add_extent_mapping() for our second split.

Consider the following extent map layout

	PINNED
	[0 16K)  [32K, 48K)

and then we call btrfs_drop_extent_map_range for [0, 36K), with
skip_pinned == true.  The initial loop will have

	start = 0
	end = 36K
	len = 36K

we will find the [0, 16k) extent, but since we are pinned we will skip
it, which has this code

	start = em_end;
	if (end != (u64)-1)
		len = start + len - em_end;

em_end here is 16K, so now the values are

	start = 16K
	len = 16K + 36K - 16K = 36K

len should instead be 20K.  This is a problem when we find the next
extent at [32K, 48K), we need to split this extent to leave [36K, 48k),
however the code for the split looks like this

	split->start = start + len;
	split->len = em_end - (start + len);

In this case we have

	em_end = 48K
	split->start = 16K + 36K       // this should be 16K + 20K
	split->len = 48K - (16K + 36K) // this overflows as 16K + 36K is 52K

and now we have an invalid extent_map in the tree that potentially
overlaps other entries in the extent map.  Even in the non-overlapping
case we will have split->start set improperly, which will cause problems
with any block related calculations.

We don't actually need len in this loop, we can simply use end as our
end point, and only adjust start up when we find a pinned extent we need
to skip.

Adjust the logic to do this, which keeps us from inserting an invalid
extent map.

We only skip_pinned in the relocation case, so this is relatively rare,
except in the case where you are running relocation a lot, which can
happen with auto relocation on.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.158-1
fixed
bullseye
vulnerable
bullseye (security)
vulnerable
forky
6.17.12-1
fixed
sid
6.17.13-1
fixed
trixie
6.12.57-1
fixed
trixie (security)
6.12.48-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
trusty
needs-triage
xenial
needs-triage
linux-hwe
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
xenial
needs-triage
linux-hwe-5.4
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-hwe-5.8
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-hwe-5.11
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-hwe-5.13
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-hwe-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-hwe-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-hwe-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-hwe-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-hwe-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-hwe-6.11
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-hwe-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-hwe-edge
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
xenial
ignored
linux-lts-xenial
jammy
dne
noble
dne
plucky
dne
questing
dne
trusty
needs-triage
linux-kvm
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
xenial
needs-triage
linux-allwinner-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-aws
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
trusty
needs-triage
xenial
needs-triage
linux-aws-5.0
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-aws-5.3
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-aws-5.4
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-aws-5.8
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-aws-5.11
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-aws-5.13
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-aws-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-aws-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-aws-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-aws-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-aws-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-aws-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-aws-hwe
jammy
dne
noble
dne
plucky
dne
questing
dne
xenial
needs-triage
linux-azure
bionic
ignored
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
trusty
needs-triage
xenial
needs-triage
linux-azure-4.15
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-5.3
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-5.4
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-nvidia
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-azure-5.8
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-5.11
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-5.13
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-azure-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-azure-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-azure-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-azure-6.11
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-azure-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-azure-fde
focal
ignored
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
dne
linux-azure-fde-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-fde-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-azure-fde-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-azure-fde-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-azure-fde-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-azure-nvidia-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-bluefield
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-azure-edge
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-fips
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
xenial
needs-triage
linux-aws-fips
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-azure-fips
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-gcp-fips
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-gcp
bionic
ignored
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
xenial
needs-triage
linux-gcp-4.15
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gcp-5.3
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gcp-5.4
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gcp-5.8
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gcp-5.11
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gcp-5.13
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gcp-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gcp-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-gcp-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-gcp-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-gcp-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-gcp-6.11
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-gcp-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-gke
focal
ignored
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-gke-4.15
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gke-5.4
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gke-5.15
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gkeop
focal
ignored
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-gkeop-5.4
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-gkeop-5.15
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-ibm
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-ibm-5.4
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-ibm-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-ibm-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-intel-5.13
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-intel-iotg
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-intel-iotg-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-iot
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-intel-iot-realtime
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-lowlatency
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-lowlatency-hwe-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-lowlatency-hwe-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-lowlatency-hwe-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-lowlatency-hwe-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-lowlatency-hwe-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-lowlatency-hwe-6.11
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-nvidia
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-nvidia-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-nvidia-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-nvidia-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-nvidia-6.11
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-nvidia-lowlatency
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-nvidia-tegra
jammy
needs-triage
noble
needs-triage
plucky
dne
questing
dne
linux-nvidia-tegra-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-nvidia-tegra-igx
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-oracle
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
xenial
needs-triage
linux-oracle-5.0
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oracle-5.3
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oracle-5.4
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oracle-5.8
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oracle-5.11
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oracle-5.13
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oracle-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oracle-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-oracle-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-oracle-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-oem
bionic
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oem-5.6
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oem-5.10
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oem-5.13
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oem-5.14
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-oem-5.17
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-oem-6.0
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-oem-6.1
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-oem-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-oem-6.8
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-oem-6.11
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-oem-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-oem-6.17
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-raspi
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
linux-raspi2
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-raspi-5.4
bionic
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-raspi-realtime
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-realtime
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
linux-realtime-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-realtime-6.14
jammy
dne
noble
needs-triage
plucky
dne
questing
dne
linux-riscv
focal
ignored
jammy
ignored
noble
ignored
plucky
needs-triage
questing
needs-triage
linux-riscv-5.8
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-riscv-5.11
focal
ignored
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-riscv-5.15
focal
needs-triage
jammy
dne
noble
dne
plucky
dne
questing
dne
linux-riscv-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-riscv-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-riscv-6.8
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
linux-riscv-6.14
jammy
dne
noble
ignored
plucky
dne
questing
dne
linux-starfive-5.19
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-starfive-6.2
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-starfive-6.5
jammy
ignored
noble
dne
plucky
dne
questing
dne
linux-xilinx
jammy
dne
noble
needs-triage
plucky
needs-triage
questing
dne
linux-xilinx-zynqmp
focal
needs-triage
jammy
needs-triage
noble
dne
plucky
dne
questing
dne
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/9f68e2105dd96cf0fafffffafb2337fbd0fbae1f
https://git.kernel.org/stable/c/b43a4c99d878cf5e59040e45c96bb0a8358bfb3b
https://git.kernel.org/stable/c/c962098ca4af146f2625ed64399926a098752c9c