🟡 Medium | Source: Microsoft Security Response Center
CVE-2024-58089 is a kernel-level bug in the btrfs filesystem driver: a double accounting race condition that occurs when the delayed-allocation routine btrfs_run_delalloc_range() fails. This type of flaw can lead to filesystem corruption or system instability. It affects Linux-based Azure workloads running on kernels that include the btrfs driver.
Security Architect’s Take: Review whether any Azure Linux VMs or AKS nodes use btrfs as their filesystem; if so, ensure the underlying OS kernel is patched to the version that includes this fix. Most Azure-managed images default to ext4 or xfs, so exposure may be limited, but custom images warrant explicit verification.
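One way to run the btrfs check described above on a single VM or node. This is an added example, not part of the advisory; the function names and the three status labels are hypothetical. The advisory summary does not state the fixed kernel version, so the script only reports the running kernel for comparison against your distribution's notice.

```shell
#!/usr/bin/env bash
# Added example: inventory btrfs usage on one Linux host.
# Function names and status labels are illustrative, not from the advisory.

# Print "device<TAB>mountpoint" for each btrfs entry in a mounts-format file.
# /proc/mounts fields: device mountpoint fstype options dump pass
btrfs_mounts() {
    local mounts_file="${1:-/proc/mounts}"
    awk '$3 == "btrfs" { printf "%s\t%s\n", $1, $2 }' "$mounts_file"
}

# Return 0 if btrfs is registered with the running kernel (built in or
# module loaded). A module that is on disk but not loaded is not listed here.
btrfs_registered() {
    local fs_file="${1:-/proc/filesystems}"
    awk '$NF == "btrfs" { found = 1 } END { exit !found }' "$fs_file"
}

# EXPOSED:     at least one btrfs filesystem is mounted
# DRIVER_ONLY: driver registered, nothing mounted
# NOT_PRESENT: driver not registered with the running kernel
btrfs_exposure() {
    local mounts_file="${1:-/proc/mounts}"
    local fs_file="${2:-/proc/filesystems}"
    if [ -n "$(btrfs_mounts "$mounts_file")" ]; then
        echo "EXPOSED"
    elif btrfs_registered "$fs_file"; then
        echo "DRIVER_ONLY"
    else
        echo "NOT_PRESENT"
    fi
}

# One-line summary plus the mounts, suitable for collecting across a fleet.
report() {
    echo "host=$(uname -n) kernel=$(uname -r) btrfs=$(btrfs_exposure)"
    btrfs_mounts | sed 's/^/  mount: /'
}

# Run the report only when asked, so the file can also be sourced.
if [ "${1:-}" = "--report" ]; then
    report
fi
```

Run it with `--report` on each host; any `EXPOSED` result marks a machine whose kernel package should be checked first.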
Original advisory: CVE-2024-58089 btrfs: fix double accounting race when btrfs_run_delalloc_range() failed