Home

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: exit after state insertion failure at btrfs_convert_extent_bit() If insert_state() state failed it returns an error pointer and we call extent_io_tree_panic() which will trigger a BUG() call. However if CONFIG_BUG is disabled, which is an uncommon and exotic scenario, then we fallthrough and call cache_state() which will dereference the error pointer, resulting in an invalid memory access. So jump to the 'out' label after calling extent_io_tree_panic(), it also makes the code more clear besides dealing with the exotic scenario where CONFIG_BUG is disabled.

PUBLISHED Reserved 2025-04-16 | Published 2025-07-10 | Updated 2026-05-11 | Assigner Linux

Product status

Default status
unaffected

c91ea4bfa6dda549295ea7c15dfc990094d1fcd3 (git) before 58c50f45e1821a04d61b62514f9bd34afe67c622
affected

c91ea4bfa6dda549295ea7c15dfc990094d1fcd3 (git) before 8d9d32088e304e2bc444a3087cab0bbbd9951866
affected

c91ea4bfa6dda549295ea7c15dfc990094d1fcd3 (git) before 3bf179e36da917c5d9bec71c714573ed1649b7c1
affected

Default status
affected

6.7
affected

Any version before 6.7
unaffected

6.12.34 (semver)
unaffected

6.15.3 (semver)
unaffected

6.16 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/58c50f45e1821a04d61b62514f9bd34afe67c622

git.kernel.org/...c/8d9d32088e304e2bc444a3087cab0bbbd9951866

git.kernel.org/...c/3bf179e36da917c5d9bec71c714573ed1649b7c1

cve.org (CVE-2025-38269)

nvd.nist.gov (CVE-2025-38269)

Download JSON