CVE-2025-21879

Published: Mar 27, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free on inode when scanning root during em shrinking At btrfs_scan_root() we are accessing the inode's root (and fs_info) in a call to btrfs_fs_closing() after we have scheduled the inode for a delayed iput, and that can result in a use-after-free on the inode in case the cleaner kthread does the iput before we dereference the inode in the call to btrfs_fs_closing(). Fix this by using the fs_info stored already in a local variable instead of doing inode->root->fs_info.

Vendor	Product	Versions
Linux	Linux	affected `fef55c4d9c9c22264d2b2ceae1e26922cb6129a5 - < 07836bc18f4ae42da4e922244f4685561c18755e` affected `1020443840569535f6025a855958f07ea3eebf71 - < 5e79d26014f9386387575b9ed60d342057cee49b` affected `1020443840569535f6025a855958f07ea3eebf71 - < 59f37036bb7ab3d554c24abc856aabca01126414`
Linux	Linux	affected `6.13` unaffected `0 - < 6.13` unaffected `6.13.6 - <= 6.13.` unaffected `6.14 - <= `

References

https://git.kernel.org/stable/c/07836bc18f4ae42da4e922244f4685561c18755e

https://git.kernel.org/stable/c/5e79d26014f9386387575b9ed60d342057cee49b

https://git.kernel.org/stable/c/59f37036bb7ab3d554c24abc856aabca01126414

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-21879

Description

Affected Products

References