Linux Kernel Btrfs Device Matching Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Btrfs file system has been identified, related to incorrect device matching that can lead to assertion failures. This issue arises when the device ID is set to an invalid value via an ioctl command, causing the system to skip the necessary matching process. As a result, the device matching may incorrectly succeed. The vulnerability was introduced by a patch that added a new device matching function, which can be exploited by manipulating the device ID.
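The bug class described above, as an added example that is not the kernel's code or the upstream fix: a simplified user-space model in which a matcher treats a caller-controlled sentinel device ID as "skip the comparison", beside a hardened matcher that always compares the ID. All names, the sentinel value, and the sample device list are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical user-space model; names and the sentinel are assumptions. */
#define DEVID_UNSET UINT64_MAX /* assumed "no devid supplied" marker */

struct dev { uint64_t devid; bool missing; };
struct lookup_args { uint64_t devid; bool missing; };

/* Flawed: an in-band sentinel in a caller-controlled field disables the check. */
static bool match_flawed(const struct lookup_args *a, const struct dev *d)
{
    if (a->devid != DEVID_UNSET && a->devid != d->devid)
        return false;
    if (a->missing && !d->missing)
        return false;
    return true; /* devid == sentinel, missing == false: matches any device */
}

/* Hardened: the explicit flag selects the mode; devid is always compared. */
static bool match_hardened(const struct lookup_args *a, const struct dev *d)
{
    if (a->missing)
        return d->missing;
    return a->devid != DEVID_UNSET && a->devid == d->devid;
}

typedef bool (*match_fn)(const struct lookup_args *, const struct dev *);

/* Constructed sample device list: two present devices and one missing. */
static const struct dev devices[] = { {1, false}, {2, false}, {0, true} };

/* Returns the index of the first matching device, or -1 if none matches. */
static int find_device(match_fn match, uint64_t devid, bool missing)
{
    struct lookup_args a = { devid, missing };
    for (size_t i = 0; i < sizeof(devices) / sizeof(devices[0]); i++)
        if (match(&a, &devices[i]))
            return (int)i;
    return -1;
}

int main(void)
{
    /* Sentinel request: the flawed matcher picks device 0, the hardened one none. */
    return !(find_device(match_flawed, DEVID_UNSET, false) == 0 &&
             find_device(match_hardened, DEVID_UNSET, false) == -1);
}
```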

Impact

Exploitation of this vulnerability can cause assertion failures, potentially leading to application crashes or undefined behavior.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.