cbcvebase.
CVE-2025-38503
published 2025-08-16

CVE-2025-38503: In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion when building free space tree When building the free space tree with…

medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion when building free space tree When building the free space tree with the block group tree feature enabled, we can hit an assertion failure like this: BTRFS info (device loop0 state M): rebuilding free space tree assertion failed: ret == 0, in fs/btrfs/free-space-tree.c:1102 ------------[ cut here ]------------ kernel BUG at fs/btrfs/free-space-tree.c:1102! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP Modules linked in: CPU: 1 UID: 0 PID: 6592 Comm: syz-executor322 Not tainted 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102 lr : populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102 sp : ffff8000a4ce7600 x29: ffff8000a4ce76e0 x28: ffff0000c9bc6000 x27: ffff0000ddfff3d8 x26: ffff0000ddfff378 x25: dfff800000000000 x24: 0000000000000001 x23: ffff8000a4ce7660 x22: ffff70001499cecc x21: ffff0000e1d8c160 x20: ffff0000e1cb7800 x19: ffff0000e1d8c0b0 x18: 00000000ffffffff x17: ffff800092f39000 x16: ffff80008ad27e48 x15: ffff700011e740c0 x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 94ef24f55d2dbc00 x8 : 94ef24f55d2dbc00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000a4ce6f98 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 x2 : 0000000000000000 x1 : 0000000100000000 x0 : 000000000000003e Call trace: populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102 (P) btrfs_rebuild_free_space_tree+0x14c/0x54c fs/btrfs/free-space-tree.c:1337 btrfs_start_pre_rw_mount+0xa78/0xe10 fs/btrfs/disk-io.c:3074 btrfs_remount_rw fs/btrfs/super.c:1319 [inline] btrfs_reconfigure+0x828/0x2418 fs/btrfs/super.c:1543 reconfigure_super+0x1d4/0x6f0 fs/super.c:1083 do_remount fs/namespa

Affected

31 ranges· showing 25
VendorProductVersion rangeFixed in
debiandebian_linux
debianlinux< linux 6.1.147-1 (bookworm)linux 6.1.147-1 (bookworm)
debianlinux-6.1< linux 6.1.147-1 (bookworm)linux 6.1.147-1 (bookworm)
linuxlinux
linuxlinux
linuxlinux>= 1c56ab991903dce60e905a08f431c0e6f79b9b9e < 7c77df23324f60bcff0ea44392e2c82e9486640c7c77df23324f60bcff0ea44392e2c82e9486640c
linuxlinux>= 1c56ab991903dce60e905a08f431c0e6f79b9b9e < f4428b2d4c68732653e93f748f538bdee639ff80f4428b2d4c68732653e93f748f538bdee639ff80
linuxlinux>= 1c56ab991903dce60e905a08f431c0e6f79b9b9e < 0bcc14f36c7ad37121cf5c0ae18cdde5bfad9c4e0bcc14f36c7ad37121cf5c0ae18cdde5bfad9c4e
linuxlinux>= 1c56ab991903dce60e905a08f431c0e6f79b9b9e < 6bbe6530b1db7b4365ce9e86144c18c5d73b2c5b6bbe6530b1db7b4365ce9e86144c18c5d73b2c5b
linuxlinux>= 1c56ab991903dce60e905a08f431c0e6f79b9b9e < 1961d20f6fa8903266ed9bd77c691924c22c8f021961d20f6fa8903266ed9bd77c691924c22c8f02
linuxlinux>= 6.0.19 < 6.16.1
linuxlinux_kernel
linuxlinux_kernel>= 0 < 6.1.147-16.1.147-1
linuxlinux_kernel>= 0 < 6.12.41-16.12.41-1
linuxlinux_kernel>= 0 < 6.16.3-16.16.3-1
linuxlinux_kernel>= 0 < 6.8.0-100.1006.8.0-100.100
linuxlinux_kernel>= 6.0.19 < 6.1.1466.1.146
linuxlinux_kernel>= 6.13 < 6.15.76.15.7
linuxlinux_kernel>= 6.2 < 6.6.996.6.99
linuxlinux_kernel>= 6.7 < 6.12.396.12.39
msrcazl3_kernel_6.6.96.2-1_on_azure_linux_3.0
msrcazl3_kernel_6.6.96.2-2_on_azure_linux_3.0
ubuntulinux-aws
ubuntulinux-aws-6.8
ubuntulinux-gkeop

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.5MEDIUM