CVE-2025-38269

Published: Jul 10, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: exit after state insertion failure at btrfs_convert_extent_bit() If insert_state() state failed it returns an error pointer and we call extent_io_tree_panic() which will trigger a BUG() call. However if CONFIG_BUG is disabled, which is an uncommon and exotic scenario, then we fallthrough and call cache_state() which will dereference the error pointer, resulting in an invalid memory access. So jump to the 'out' label after calling extent_io_tree_panic(), it also makes the code more clear besides dealing with the exotic scenario where CONFIG_BUG is disabled.

Vendor	Product	Versions
Linux	Linux	affected `c91ea4bfa6dda549295ea7c15dfc990094d1fcd3 - < 58c50f45e1821a04d61b62514f9bd34afe67c622` affected `c91ea4bfa6dda549295ea7c15dfc990094d1fcd3 - < 8d9d32088e304e2bc444a3087cab0bbbd9951866` affected `c91ea4bfa6dda549295ea7c15dfc990094d1fcd3 - < 3bf179e36da917c5d9bec71c714573ed1649b7c1`
Linux	Linux	affected `6.7` unaffected `0 - < 6.7` unaffected `6.12.34 - <= 6.12.` unaffected `6.15.3 - <= 6.15.` unaffected `6.16 - <= *`

References

https://git.kernel.org/stable/c/58c50f45e1821a04d61b62514f9bd34afe67c622

https://git.kernel.org/stable/c/8d9d32088e304e2bc444a3087cab0bbbd9951866

https://git.kernel.org/stable/c/3bf179e36da917c5d9bec71c714573ed1649b7c1

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-38269

Description

Affected Products

References