SB2025062005 - Use-after-free in Linux kernel btrfs
Published: June 20, 2025 Updated: June 21, 2025
Security Bulletin ID
SB2025062005
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2022-50067)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the prepare_to_relocate() function in fs/btrfs/relocation.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/5d741afed0bac206640cc64d77b97853283cf719
- https://git.kernel.org/stable/c/78f8c2370e3d33e35f23bdc648653d779aeacb6e
- https://git.kernel.org/stable/c/85f02d6c856b9f3a0acf5219de6e32f58b9778eb
- https://git.kernel.org/stable/c/8e546674031fc1576da501e27a8fd165222e5a37
- https://git.kernel.org/stable/c/b60e862e133f646f19023ece1d476d630a660de1
- https://git.kernel.org/stable/c/dcb11fe0a0a9cca2b7425191b9bf30dc29f2ad0f
- https://git.kernel.org/stable/c/ff0e8ed8dfb584575cffc1561f17a1d094e8565b
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.318