Memory Access Issue in Linux Kernel's Btrfs Affects Performance
CVE-2025-38382

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-38382?

A memory access vulnerability in the Linux kernel's Btrfs file system can lead to system instability due to improper handling of extrefs during log replay. Specifically, the issue arises in the __inode_add_ref() function where an undefined value for victim_name.len may result from a goto statement. This can trigger invalid memory access in subsequent iterations, negatively impacting performance. The vulnerability has been addressed by initializing victim_name.len with the current extref's name length, which prevents these unintended memory accesses and enhances stability.

Affected Version(s)

Linux 1cf474cd474bc5d3ef63086ffd009a87a5b7bb2e < 539969fc472886a1d63565459514d47e27fef461

Linux e43eec81c5167b655b72c781b0e75e62a05e415e < 2d11d274e2e1d7c79e2ca8461ce3ff3a95c11171

Linux e43eec81c5167b655b72c781b0e75e62a05e415e < 7ac790dc2ba00499a8d671d4a24de4d4ad27e234

References

https://git.kernel.org/stable/c/539969fc472886a1d63565459...

https://git.kernel.org/stable/c/2d11d274e2e1d7c79e2ca8461...

https://git.kernel.org/stable/c/7ac790dc2ba00499a8d671d4a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 16, 2025