{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38243","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:23.996Z","datePublished":"2025-07-09T10:42:26.014Z","dateUpdated":"2026-05-11T21:24:00.565Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:24:00.565Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix invalid inode pointer dereferences during log replay\n\nIn a few places where we call read_one_inode(), if we get a NULL pointer\nwe end up jumping into an error path, or fallthrough in case of\n__add_inode_ref(), where we then do something like this:\n\n   iput(&inode->vfs_inode);\n\nwhich results in an invalid inode pointer that triggers an invalid memory\naccess, resulting in a crash.\n\nFix this by making sure we don't do such dereferences."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/btrfs/tree-log.c"],"versions":[{"version":"0502d1127436a69b8c2e7cf309ae0ebff3332668","lessThan":"401d098f92ea69d8a75f8b845daf343e511681ba","status":"affected","versionType":"git"},{"version":"b4c50cbb01a1b6901d2b94469636dd80fa93de81","lessThan":"ba8386d662cc51cc5382688bbf7a152b0b0b27cf","status":"affected","versionType":"git"},{"version":"b4c50cbb01a1b6901d2b94469636dd80fa93de81","lessThan":"2dcf838cf5c2f0f4501edaa1680fcad03618d760","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/btrfs/tree-log.c"],"versions":[{"version":"6.15","status":"affected"},{"version":"0","lessThan":"6.15","status":"unaffected","versionType":"semver"},{"version":"6.15.5","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.15.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/401d098f92ea69d8a75f8b845daf343e511681ba"},{"url":"https://git.kernel.org/stable/c/ba8386d662cc51cc5382688bbf7a152b0b0b27cf"},{"url":"https://git.kernel.org/stable/c/2dcf838cf5c2f0f4501edaa1680fcad03618d760"}],"title":"btrfs: fix invalid inode pointer dereferences during log replay","x_generator":{"engine":"bippy-1.2.0"}}}}