CVE-2025-21658

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jan 21, 2025
Updated: Jan 22, 2025
CWE ID 476

Summary

CVE-2025-21658 is a vulnerability in the Linux kernel's btrfs file system. When the extent tree root is corrupted, a NULL pointer dereference leads to a crash during file system scrubbing. The code assumed that the extent root would always be non-NULL, so scrub_find_fill_first_stripe() dereferences a NULL pointer. The mitigation is an extra check for a valid extent root at the beginning of scrub_find_fill_first_stripe(). This fix was introduced in commit 42437a6386ff but may require manual backport for older kernels.
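The missing check described above, as a simplified user-space C model added here for illustration. It is not the kernel's code or the actual patch: the `model_*` types, the function names and the `-EIO` return value are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the kernel structures (assumed, not btrfs definitions). */
struct model_root { uint64_t first_extent_start; };
struct model_fs_info { struct model_root *extent_root; }; /* NULL when the root is corrupted */

/* Root lookup: returns NULL when no valid extent root exists. */
static struct model_root *model_extent_root(const struct model_fs_info *fs)
{
    return fs->extent_root;
}

/* Before: trusts the lookup result, so a corrupted root means a NULL dereference. */
int find_first_stripe_unchecked(const struct model_fs_info *fs, uint64_t *start)
{
    struct model_root *root = model_extent_root(fs);
    *start = root->first_extent_start; /* crashes when root == NULL */
    return 0;
}

/* After: validate the root at function entry and fail the scrub with an error. */
int find_first_stripe_checked(const struct model_fs_info *fs, uint64_t *start)
{
    struct model_root *root = model_extent_root(fs);
    if (root == NULL)
        return -EIO; /* error code chosen for this model (assumption) */
    *start = root->first_extent_start;
    return 0;
}

/* Constructed inputs: one file system with a corrupted root, one healthy. */
int demo_corrupted_root(void)
{
    struct model_fs_info fs = { .extent_root = NULL };
    uint64_t start = 0;
    return find_first_stripe_checked(&fs, &start);
}

uint64_t demo_valid_root(void)
{
    struct model_root root = { .first_extent_start = 4096 };
    struct model_fs_info fs = { .extent_root = &root };
    uint64_t start = 0;
    return find_first_stripe_checked(&fs, &start) == 0 ? start : 0;
}

int main(void)
{
    printf("corrupted root -> %d\n", demo_corrupted_root());
    printf("valid root     -> %llu\n", (unsigned long long)demo_valid_root());
    return 0;
}
```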
