CVE-2025-21879

EPSS 0.03%
Veröffentlicht 27.03.2025 14:57:08
Zuletzt bearbeitet 06.07.2025 10:15:23
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix use-after-free on inode when scanning root during em shrinking

At btrfs_scan_root() we are accessing the inode's root (and fs_info) in a
call to btrfs_fs_closing() after we have scheduled the inode for a delayed
iput, and that can result in a use-after-free on the inode in case the
cleaner kthread does the iput before we dereference the inode in the call
to btrfs_fs_closing().

Fix this by using the fs_info stored already in a local variable instead
of doing inode->root->fs_info.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.13 < 6.13.6

Linux ≫ Linux Kernel Version6.14 Updaterc1

Linux ≫ Linux Kernel Version6.14 Updaterc2

Linux ≫ Linux Kernel Version6.14 Updaterc3

Linux ≫ Linux Kernel Version6.14 Updaterc4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.066

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/5e79d26014f9386387575b9ed60d342057cee49b

Patch

https://git.kernel.org/stable/c/59f37036bb7ab3d554c24abc856aabca01126414

Patch

https://git.kernel.org/stable/c/07836bc18f4ae42da4e922244f4685561c18755e

https://nvd.nist.gov/vuln/detail/CVE-2025-21879

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-21879

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-21879

EUVD