CVE-2023-54185

EUVD-2023-60456

30.12.2025, 13:16

In the Linux kernel, the following vulnerability has been resolved:

btrfs: remove BUG_ON()'s in add_new_free_space()

At add_new_free_space() we have these BUG_ON()'s that are there to deal
with any failure to add free space to the in memory free space cache.
Such failures are mostly -ENOMEM that should be very rare. However there's
no need to have these BUG_ON()'s, we can just return any error to the
caller and all callers and their upper call chain are already dealing with
errors.

So just make add_new_free_space() return any errors, while removing the
BUG_ON()'s, and returning the total amount of added free space to an
optional u64 pointer argument.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.148-1 fixed
bookworm (security)	6.1.158-1 fixed
bullseye	vulnerable
bullseye (security)	vulnerable
forky	6.17.13-1 fixed
sid	6.17.13-1 fixed
trixie	6.12.57-1 fixed
trixie (security)	6.12.48-1 fixed

References

https://git.kernel.org/stable/c/23e72231f8281505883514b23709076e234d4f27

https://git.kernel.org/stable/c/d8ccbd21918fd7fa6ce3226cffc22c444228e8ad

https://git.kernel.org/stable/c/f775ceb0cb530e4a469b718fb2a24843071087f5