CVE-2024-39496

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> btrfs: zoned: fix use-after-free due to race with dev replace<br /> <br /> While loading a zone&amp;#39;s info during creation of a block group, we can race<br /> with a device replace operation and then trigger a use-after-free on the<br /> device that was just replaced (source device of the replace operation).<br /> <br /> This happens because at btrfs_load_zone_info() we extract a device from<br /> the chunk map into a local variable and then use the device while not<br /> under the protection of the device replace rwsem. So if there&amp;#39;s a device<br /> replace operation happening when we extract the device and that device<br /> is the source of the replace operation, we will trigger a use-after-free<br /> if before we finish using the device the replace operation finishes and<br /> frees the device.<br /> <br /> Fix this by enlarging the critical section under the protection of the<br /> device replace rwsem so that all uses of the device are done inside the<br /> critical section.