Race Condition Vulnerability in Linux Kernel Btrfs Quota Management
CVE-2025-39759

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 11 September 2025

What is CVE-2025-39759?

A vulnerability in the Linux kernel's Btrfs file system arises from a race condition between tasks disabling quotas and others running the quota rescan ioctl. This can lead to a use-after-free scenario where quota group records are freed while other tasks attempt to access them, causing potential instability and data corruption. The issue is mitigated by properly locking shared resources during configuration adjustments, ensuring that quota rescan operations are not initiated when quotas are already disabled.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7cda0fdde5d9890976861421d207870500f9aace

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/7cda0fdde5d9890976861421d...

https://git.kernel.org/stable/c/b172535ccba12f0cf7d23b3b8...

https://git.kernel.org/stable/c/dd0b28d877b293b1d7f8727a7...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2025
Vulnerability Reserved
Apr 16, 2025