Primary

Context

Linux Kernel Btrfs NULL Pointer Dereference Vulnerability in Zoned Filesystems

Vulnerability

A vulnerability in the Linux kernel's Btrfs file system has been addressed, which involved improper handling of zoned device information during the cloning process. When a Btrfs device was cloned, the associated zoned device information was not duplicated, leading to a NULL pointer dereference. This issue arose when the device's zone information was accessed, such as when activating a zone. The vulnerability was identified through a test case in the fstests suite.

Impact

Exploitation of this vulnerability could lead to a NULL pointer dereference, causing a kernel crash.

Reproduction

The vulnerability can be reproduced by cloning a Btrfs device in a zoned file system environment. This process will result in a NULL pointer dereference when the cloned device's zone information is accessed, such as during the activation of a zone.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.3

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.3

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Btrfs NULL Pointer Dereference Vulnerability in Zoned Filesystems

Vulnerability

Impact

Reproduction

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating