CVE-2024-26792

btrfs: fix double free of anonymous device after snapshot creation failure

References

https://cve.org/CVERecord/?id=CVE-2024-26792

Notes

 carnil> Introduced in e03ee2fe873e ("btrfs: do not ASSERT() if the newly created
 carnil> subvolume already got read"). Vulnerable versions: 5.10.210 5.15.149 6.1.79
 carnil> 6.6.18 6.7.6 6.8-rc4.

Bugs

Status

Branch	Status
4.19-buster-security	N/A "Vulnerable code not present"
4.19-upstream-stable	N/A "Vulnerable code not present"
5.10-bullseye-security	needed
5.10-upstream-stable	needed
6.1-bookworm-security	released (6.1.82-1)
6.1-upstream-stable	released (6.1.81) [c34adc20b91a8e55e048b18d63f4f4ae003ecf8f]
6.6-upstream-stable	released (6.6.21) [eb3441093aad251418921246fc3b224fd1575701]
6.8-upstream-stable	N/A "Fixed before branching point"
sid	released (6.7.9-1)
upstream	released (6.8-rc7) [e2b54eaf28df0c978626c9736b94f003b523b451]