CVE-2025-38260
published 2025-07-09CVE-2025-38260: In the Linux kernel, the following vulnerability has been resolved: btrfs: handle csum tree error with rescue=ibadroots correctly [BUG] There is syzbot based…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
In the Linux kernel, the following vulnerability has been resolved:
btrfs: handle csum tree error with rescue=ibadroots correctly
[BUG]
There is syzbot based reproducer that can crash the kernel, with the
following call trace: (With some debug output added)
DEBUG: rescue=ibadroots parsed
BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by repro (1010)
BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
BTRFS info (device loop0): using free-space-tree
BTRFS warning (device loop0): checksum verify failed on logical 5312512 mirror 1 wanted 0xb043382657aede36608fd3386d6b001692ff406164733d94e2d9a180412c6003 found 0x810ceb2bacb7f0f9eb2bf3b2b15c02af867cb35ad450898169f3b1f0bd818651 level 0
DEBUG: read tree root path failed for tree csum, ret=-5
BTRFS warning (device loop0): checksum verify failed on logical 5328896 mirror 1 wanted 0x51be4e8b303da58e6340226815b70e3a93592dac3f30dd510c7517454de8567a found 0x51be4e8b303da58e634022a315b70e3a93592dac3f30dd510c7517454de8567a level 0
BTRFS warning (device loop0): checksum verify failed on logical 5292032 mirror 1 wanted 0x1924ccd683be9efc2fa98582ef58760e3848e9043db8649ee382681e220cdee4 found 0x0cb6184f6e8799d9f8cb335dccd1d1832da1071d12290dab3b85b587ecacca6e level 0
process 'repro' launched './file2' with NULL argv: empty string added
DEBUG: no csum root, idatacsums=0 ibadroots=134217728
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000041: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000208-0x000000000000020f]
CPU: 5 UID: 0 PID: 1010 Comm: repro Tainted: G OE 6.15.0-custom+ #249 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 02/02/2022
RIP: 0010:btrfs_lookup_csum+0x93/0x3d0 [btrfs]
Call Trace:
btrfs_lookup_bio_sums+0x47a/0xdf0 [btrfs]
btrfs_submit_bbio+0x43e/0x1a80 [btrfs]
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.147-1 (bookworm) | linux 6.1.147-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= abed4aaae4f71a7bcdbe90a65319b6e772a2689d < f8ce11903211542a61f05c02caedd2edfb4256b8 | f8ce11903211542a61f05c02caedd2edfb4256b8 |
| linux | linux | >= abed4aaae4f71a7bcdbe90a65319b6e772a2689d < fc97a116dc4929905538bc0bd3af7faa51192957 | fc97a116dc4929905538bc0bd3af7faa51192957 |
| linux | linux | >= abed4aaae4f71a7bcdbe90a65319b6e772a2689d < bbe9231fe611a54a447962494472f604419bad59 | bbe9231fe611a54a447962494472f604419bad59 |
| linux | linux | >= abed4aaae4f71a7bcdbe90a65319b6e772a2689d < 3f5c4a996f8f4fecd24a3eb344a307c50af895c2 | 3f5c4a996f8f4fecd24a3eb344a307c50af895c2 |
| linux | linux | >= abed4aaae4f71a7bcdbe90a65319b6e772a2689d < 547e836661554dcfa15c212a3821664e85b4191a | 547e836661554dcfa15c212a3821664e85b4191a |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 6.1.147-1 | 6.1.147-1 |
| linux | linux_kernel | >= 0 < 6.12.37-1 | 6.12.37-1 |
| linux | linux_kernel | >= 0 < 6.12.37-1 | 6.12.37-1 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 5.17 < 6.1.143 | 6.1.143 |
| linux | linux_kernel | >= 6.13 < 6.15.5 | 6.15.5 |
| linux | linux_kernel | >= 6.2 < 6.6.96 | 6.6.96 |
| linux | linux_kernel | >= 6.7 < 6.12.36 | 6.12.36 |
| msrc | azl3_kernel_6.6.92.2-2_on_azure_linux_3.0 | — | — |
| ubuntu | linux-aws | — | — |
| ubuntu | linux-aws-6.8 | — | — |
| ubuntu | linux-gkeop | — | — |
| ubuntu | linux-nvidia | — | — |
| ubuntu | linux-nvidia-6.8 | — | — |
| ubuntu | linux-oracle | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.6MEDIUM