Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A use-after-free vulnerability has been identified in the Linux kernel's Btrfs subsystem. The issue arises during the bio repair process, where the bio cleanup can interfere with the bio's end-of-IO handling. The cleanup races with the endio function that is supposed to manage the bio's lifecycle, which can lead to various bugs, including use-after-free errors and NULL pointer dereferences. The vulnerability affects several versions and version ranges of the Linux kernel.
Exploitation of this vulnerability can cause use-after-free errors and NULL pointer dereference bugs, leading to memory corruption and potential arbitrary code execution.