CVE-2025-38269
btrfs: exit after state insertion failure at btrfs_convert_extent_bit()
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
btrfs: exit after state insertion failure at btrfs_convert_extent_bit()
In the Linux kernel, the following vulnerability has been resolved: btrfs: exit after state insertion failure at btrfs_convert_extent_bit() If insert_state() state failed it returns an error pointer and we call extent_io_tree_panic() which will trigger a BUG() call. However if CONFIG_BUG is disabled, which is an uncommon and exotic scenario, then we fallthrough and call cache_state() which will dereference the error pointer, resulting in an invalid memory access. So jump to the 'out' label after calling extent_io_tree_panic(), it also makes the code more clear besides dealing with the exotic scenario where CONFIG_BUG is disabled.
Reserved 2025-04-16 | Published 2025-07-10 | Updated 2025-07-10 | Assigner Linuxgit.kernel.org/...c/58c50f45e1821a04d61b62514f9bd34afe67c622
git.kernel.org/...c/8d9d32088e304e2bc444a3087cab0bbbd9951866
git.kernel.org/...c/3bf179e36da917c5d9bec71c714573ed1649b7c1
Support options
