SB2025071131 - NULL pointer dereference in Linux kernel btrfs
Published: July 11, 2025
Security Bulletin ID
SB2025071131
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-38260)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the load_global_roots_objectid() function in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/3f5c4a996f8f4fecd24a3eb344a307c50af895c2
- https://git.kernel.org/stable/c/547e836661554dcfa15c212a3821664e85b4191a
- https://git.kernel.org/stable/c/bbe9231fe611a54a447962494472f604419bad59
- https://git.kernel.org/stable/c/f8ce11903211542a61f05c02caedd2edfb4256b8
- https://git.kernel.org/stable/c/fc97a116dc4929905538bc0bd3af7faa51192957