About btrfs: fix uninitialized pointer free in add_inode_ref() – CVE-2024-50088 (30th Oct 2024)

Preface: The main benefit of a snapshot is that it can be created very rapidly—and frequently—allowing for a quick and straightforward way to recover files or data if something goes wrong. Data can be restored to a specific point in time when it was in a good state.

Background: Btrfs is a copy-on-write (COW) file system developed by Chris Mason. It is based on COW-friendly B-trees developed by Ohad Rodeh.

In contrast to ext4, currently the unofficial default Linux filesystem, Btrfs offers some features that are not generally considered part of a filesystem's functionality but are popular, especially in professional environments such as data centers.

Vulnerability details: The add_inode_ref() function does not initialize the “name” struct when it is declared. If any of the subsequent calls to “read_one_inode()” returns NULL, then “name.name” would be freed at the “out” label before being initialized.

If the pointer contains an uninitialized value, then the value might not point to a valid memory location. This could cause the product to read from or write to unexpected memory locations, leading to a denial of service.
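The pattern described above can be reproduced safely in userspace. The following is an added example, not the kernel code or the actual patch: the struct, lookup(), model_free() and add_ref() are hypothetical stand-ins, the 0xA5 fill is a constructed substitute for stale stack contents, and zero-initializing the struct at declaration is assumed as the fix.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model. All names are hypothetical stand-ins, not kernel code. */
struct name_buf { char *name; size_t len; };

static void *live_alloc;  /* the only pointer this model has handed out */
static int bad_frees;     /* frees of a pointer that was never allocated */

static void model_free(void *p)
{
    if (!p)
        return;                      /* freeing NULL is a no-op */
    if (p == live_alloc) {
        free(p);
        live_alloc = NULL;
    } else {
        bad_frees++;                 /* in the kernel: kfree() on garbage */
    }
}

/* Stand-in for read_one_inode(): returns NULL on failure. */
static void *lookup(int fail) { static int inode; return fail ? NULL : &inode; }

/* Returns the number of invalid frees performed by the cleanup path. */
static int add_ref(int zero_init, int lookup_fails)
{
    struct name_buf name;

    bad_frees = 0;
    memset(&name, 0xA5, sizeof(name));   /* constructed "stale stack" bytes */
    if (zero_init)
        memset(&name, 0, sizeof(name));  /* assumed fix: init at declaration */
    if (!lookup(lookup_fails))
        goto out;                        /* early exit before name is filled */
    name.name = live_alloc = malloc(8);  /* normal path sets the pointer */
out:
    model_free(name.name);               /* shared cleanup frees name.name */
    return bad_frees;
}

int main(void)
{
    printf("uninitialised, lookup fails: %d bad free(s)\n", add_ref(0, 1));
    printf("zero-initialised, lookup fails: %d bad free(s)\n", add_ref(1, 1));
    return 0;
}
```

Only the combination of an uninitialized struct and a failed lookup reaches the cleanup with a pointer that was never allocated, which is why static analysis flags the declaration rather than the free.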

This issue was reported by Coverity with CID 1526744.

Remark: In the Linux kernel, the above vulnerability has been resolved.

Official announcement: Please refer to the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2024-50088
