Buffer Management Issue in Linux Kernel Affecting Btrfs File System
CVE-2025-40235

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 December 2025

What is CVE-2025-40235?

A memory access flaw has been identified in the Linux kernel's Btrfs file system. This vulnerability arises from improper handling of partially initialized fs_info structures during the execution of functions like btrfs_check_leaked_roots(). Specifically, if memory allocation for fs_info fails in btrfs_get_tree_subvol(), an incorrect call to free fs_info can lead to dereferencing of a NULL pointer, resulting in a kernel page fault. This issue has been highlighted by syzkaller's reports, outlining the potential for serious operational disruptions when this situation occurs.

Affected Version(s)

Linux 3bb17a25bcb09abbd667c6ac86c7c9109ae82bcd

Linux 3bb17a25bcb09abbd667c6ac86c7c9109ae82bcd < 0c2b2d4d053e9840e6da6ed581befa20309f281a

Linux 3bb17a25bcb09abbd667c6ac86c7c9109ae82bcd < 17679ac6df6c4830ba711835aa8cf961be36cfa1

References

https://git.kernel.org/stable/c/b1c2b4e6ffd307720ab6ce42f...

https://git.kernel.org/stable/c/0c2b2d4d053e9840e6da6ed58...

https://git.kernel.org/stable/c/17679ac6df6c4830ba711835a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 4, 2025
Vulnerability Reserved
Apr 16, 2025

JSON