Primary

Context

Linux Kernel Btrfs Device Replacement Recursive Locking Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Btrfs file system has been identified, related to the device replacement feature. When the RAID stripe-tree is used, a potential deadlock can occur. This happens because the device replacement process tries to acquire a lock that is already held by the same task, leading to a recursive locking scenario. The issue has been observed in Linux kernel version 6.11.0-rc3.

Impact

Exploitation of this vulnerability can lead to a deadlock situation, where the system becomes unresponsive due to conflicting lock acquisitions.

Reproduction

The vulnerability can be reproduced by running the Btrfs file system test suite (fstests) with specific options that force the use of the RAID stripe-tree. This triggers the device replacement process, which can then cause the recursive locking issue.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.9

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.9

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Btrfs Device Replacement Recursive Locking Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating