CVE-2025-38382

Summary

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix iteration of extrefs during log replay

At __inode_add_ref() when processing extrefs, if we jump into the next label we have an undefined value of victim_name.len, since we haven't initialized it before we did the goto. This results in an invalid memory access in the next iteration of the loop since victim_name.len was not initialized to the length of the name of the current extref.

Fix this by initializing victim_name.len with the current extref's name length.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1cf474cd474bc5d3ef63086ffd009a87a5b7bb2e < 539969fc472886a1d63565459514d47e27fef461affected
LinuxLinuxe43eec81c5167b655b72c781b0e75e62a05e415e < 2d11d274e2e1d7c79e2ca8461ce3ff3a95c11171affected
LinuxLinuxe43eec81c5167b655b72c781b0e75e62a05e415e < 7ac790dc2ba00499a8d671d4a24de4d4ad27e234affected
LinuxLinuxe43eec81c5167b655b72c781b0e75e62a05e415e < aee57a0293dca675637e5504709f9f8fd8e871beaffected
LinuxLinuxe43eec81c5167b655b72c781b0e75e62a05e415e < 54a7081ed168b72a8a2d6ef4ba3a1259705a2926affected
LinuxLinux6.1.57 < 6.1.144affected
LinuxLinux6.2affected
LinuxLinux0 < 6.2unaffected
LinuxLinux6.1.144 <= 6.1.*unaffected
LinuxLinux6.6.97 <= 6.6.*unaffected
LinuxLinux6.12.37 <= 6.12.*unaffected
LinuxLinux6.15.6 <= 6.15.*unaffected
LinuxLinux6.16 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References