Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: exit after state insertion failure at btrfs_convert_extent_bit() If insert_state() state failed it returns an error pointer and we call extent_io_tree_panic() which will trigger a BUG() call. However if CONFIG_BUG is disabled, which is an uncommon and exotic scenario, then we fallthrough and call cache_state() which will dereference the error pointer, resulting in an invalid memory access. So jump to the 'out' label after calling extent_io_tree_panic(), it also makes the code more clear besides dealing with the exotic scenario where CONFIG_BUG is disabled.

INFO

Published Date :

2025-07-10T07:41:51.846Z

Last Modified :

2026-01-02T15:30:20.068Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-38269 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-38269.

URL Resource
https://git.kernel.org/stable/c/3bf179e36da917c5d9bec71c714573ed1649b7c1 cve-icon cve-icon
https://git.kernel.org/stable/c/58c50f45e1821a04d61b62514f9bd34afe67c622 cve-icon cve-icon
https://git.kernel.org/stable/c/8d9d32088e304e2bc444a3087cab0bbbd9951866 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025071007-CVE-2025-38269-fb65@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-38269 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-38269 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact