{"vulnerability": "CVE-2024-46733", "sightings": [{"uuid": "968f99c6-7678-4c25-9904-929847ac07a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2024-46733", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "d0f8e4ea-39c4-4603-a276-fe1ec9148afe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46733", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "859b09da-fadc-4016-8710-9ccf59267506", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-46733", "type": "seen", "source": "https://t.me/cvedetector/5908", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-46733 - Btrfs qgroup Reserve Leak Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-46733 \nPublished : Sept. 18, 2024, 7:15 a.m. | 35\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nbtrfs: fix qgroup reserve leaks in cow_file_range  \n  \nIn the buffered write path, the dirty page owns the qgroup reserve until  \nit creates an ordered_extent.  \n  \nTherefore, any errors that occur before the ordered_extent is created  \nmust free that reservation, or else the space is leaked. The fstest  \ngeneric/475 exercises various IO error paths, and is able to trigger  \nerrors in cow_file_range where we fail to get to allocating the ordered  \nextent. Note that because we *do* clear delalloc, we are likely to  \nremove the inode from the delalloc list, so the inodes/pages to not have  \ninvalidate/launder called on them in the commit abort path.  \n  \nThis results in failures at the unmount stage of the test that look like:  \n  \n  BTRFS: error (device dm-8 state EA) in cleanup_transaction:2018: errno=-5 IO failure  \n  BTRFS: error (device dm-8 state EA) in btrfs_replace_file_extents:2416: errno=-5 IO failure  \n  BTRFS warning (device dm-8 state EA): qgroup 0/5 has unreleased space, type 0 rsv 28672  \n  ------------[ cut here ]------------  \n  WARNING: CPU: 3 PID: 22588 at fs/btrfs/disk-io.c:4333 close_ctree+0x222/0x4d0 [btrfs]  \n  Modules linked in: btrfs blake2b_generic libcrc32c xor zstd_compress raid6_pq  \n  CPU: 3 PID: 22588 Comm: umount Kdump: loaded Tainted: G W          6.10.0-rc7-gab56fde445b8 #21  \n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014  \n  RIP: 0010:close_ctree+0x222/0x4d0 [btrfs]  \n  RSP: 0018:ffffb4465283be00 EFLAGS: 00010202  \n  RAX: 0000000000000001 RBX: ffffa1a1818e1000 RCX: 0000000000000001  \n  RDX: 0000000000000000 RSI: ffffb4465283bbe0 RDI: ffffa1a19374fcb8  \n  RBP: ffffa1a1818e13c0 R08: 0000000100028b16 R09: 0000000000000000  \n  R10: 0000000000000003 R11: 0000000000000003 R12: ffffa1a18ad7972c  \n  R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000  \n  FS:  00007f9168312b80(0000) GS:ffffa1a4afcc0000(0000) knlGS:0000000000000000  \n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033  \n  CR2: 00007f91683c9140 CR3: 000000010acaa000 CR4: 00000000000006f0  \n  Call Trace:  \n     \n   ? close_ctree+0x222/0x4d0 [btrfs]  \n   ? __warn.cold+0x8e/0xea  \n   ? close_ctree+0x222/0x4d0 [btrfs]  \n   ? report_bug+0xff/0x140  \n   ? handle_bug+0x3b/0x70  \n   ? exc_invalid_op+0x17/0x70  \n   ? asm_exc_invalid_op+0x1a/0x20  \n   ? close_ctree+0x222/0x4d0 [btrfs]  \n   generic_shutdown_super+0x70/0x160  \n   kill_anon_super+0x11/0x40  \n   btrfs_kill_super+0x11/0x20 [btrfs]  \n   deactivate_locked_super+0x2e/0xa0  \n   cleanup_mnt+0xb5/0x150  \n   task_work_run+0x57/0x80  \n   syscall_exit_to_user_mode+0x121/0x130  \n   do_syscall_64+0xab/0x1a0  \n   entry_SYSCALL_64_after_hwframe+0x77/0x7f  \n  RIP: 0033:0x7f916847a887  \n  ---[ end trace 0000000000000000 ]---  \n  BTRFS error (device dm-8 state EA): qgroup reserved space leaked  \n  \nCases 2 and 3 in the out_reserve path both pertain to this type of leak  \nand must free the reserved qgroup data. Because it is already an error  \npath, I opted not to handle the possible errors in  \nbtrfs_free_qgroup_data. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-18T10:01:20.000000Z"}]}