CVE-2025-38269
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-11-20
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's btrfs filesystem code. When a function called insert_state() fails, it returns an error pointer. Normally, the code calls extent_io_tree_panic(), which triggers a BUG() call to handle the error. However, if the kernel is configured with CONFIG_BUG disabled (an uncommon scenario), the error handling falls through and calls cache_state(), which then dereferences the error pointer, causing invalid memory access. The fix involves exiting properly after the state insertion failure to avoid this invalid memory access.
How can this vulnerability impact me? :
This vulnerability can lead to invalid memory access in the Linux kernel when the btrfs filesystem encounters a state insertion failure under a rare kernel configuration. This could cause system instability, crashes, or potential denial of service due to kernel bugs triggered by the invalid memory access.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the issue in btrfs_convert_extent_bit() has been fixed. This update ensures that the code properly handles the error pointer and avoids invalid memory access, especially in scenarios where CONFIG_BUG is disabled.