CVE-2025-21752: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents Don't use btrfs_set_item_key_safe() to modify the keys in the RAID stripe-tree, as this can lead to corruption of the tree, which is caught by the checks in btrfs_set_item_key_safe(): BTRFS info (device nvme1n1): leaf 49168384 gen 15 total ptrs 194 free space 8329 owner 12 BTRFS info (device nvme1n1): refs 2 lock_owner 1030 current 1030 [ snip ] item 105 key (354549760 230 20480) itemoff 14587 itemsize 16 stride 0 devid 5 physical 67502080 item 106 key (354631680 230 4096) itemoff 14571 itemsize 16 stride 0 devid 1 physical 88559616 item 107 key (354631680 230 32768) itemoff 14555 itemsize 16 stride 0 devid 1 physical 88555520 item 108 key (354717696 230 28672) itemoff 14539 itemsize 16 stride 0 devid 2 physical 67604480 [ snip ] BTRFS critical (device nvme1n1): slot 106 key (354631680 230 32768) new key (354635776 230 4096) ------------[ cut here ]------------ kernel BUG at fs/btrfs/ctree.c:2602! Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI CPU: 1 UID: 0 PID: 1055 Comm: fsstress Not tainted 6.13.0-rc1+ #1464 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 RIP: 0010:btrfs_set_item_key_safe+0xf7/0x270 Code: <snip> RSP: 0018:ffffc90001337ab0 EFLAGS: 00010287 RAX: 0000000000000000 RBX: ffff8881115fd000 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000001 RDI: 00000000ffffffff RBP: ffff888110ed6f50 R08: 00000000ffffefff R09: ffffffff8244c500 R10: 00000000ffffefff R11: 00000000ffffffff R12: ffff888100586000 R13: 00000000000000c9 R14: ffffc90001337b1f R15: ffff888110f23b58 FS: 00007f7d75c72740(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa811652c60 CR3: 0000000111398001 CR4: 0000000000370eb0 Call Trace: <TASK> ? __die_body.cold+0x14/0x1a ? die+0x2e/0x50 ? do_trap+0xca/0x110 ? do_error_trap+0x65/0x80 ? btrfs_set_item_key_safe+0xf7/0x270 ? exc_invalid_op+0x50/0x70 ? btrfs_set_item_key_safe+0xf7/0x270 ? asm_exc_invalid_op+0x1a/0x20 ? btrfs_set_item_key_safe+0xf7/0x270 btrfs_partially_delete_raid_extent+0xc4/0xe0 btrfs_delete_raid_extent+0x227/0x240 __btrfs_free_extent.isra.0+0x57f/0x9c0 ? exc_coproc_segment_overrun+0x40/0x40 __btrfs_run_delayed_refs+0x2fa/0xe80 btrfs_run_delayed_refs+0x81/0xe0 btrfs_commit_transaction+0x2dd/0xbe0 ? preempt_count_add+0x52/0xb0 btrfs_sync_file+0x375/0x4c0 do_fsync+0x39/0x70 __x64_sys_fsync+0x13/0x20 do_syscall_64+0x54/0x110 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f7d7550ef90 Code: <snip> RSP: 002b:00007ffd70237248 EFLAGS: 00000202 ORIG_RAX: 000000000000004a RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f7d7550ef90 RDX: 000000000000013a RSI: 000000000040eb28 RDI: 0000000000000004 RBP: 000000000000001b R08: 0000000000000078 R09: 00007ffd7023725c R10: 00007f7d75400390 R11: 0000000000000202 R12: 028f5c28f5c28f5c R13: 8f5c28f5c28f5c29 R14: 000000000040b520 R15: 00007f7d75c726c8 </TASK> While the root cause of the tree order corruption isn't clear, using btrfs_duplicate_item() to copy the item and then adjusting both the key and the per-device physical addresses is a safe way to counter this problem.
AI Analysis
Technical Summary
CVE-2025-21752 is a vulnerability identified in the Linux kernel's Btrfs filesystem implementation, specifically related to the handling of RAID stripe extents within the Btrfs RAID stripe-tree. The vulnerability arises from the improper use of the function btrfs_set_item_key_safe() to modify keys in the RAID stripe-tree. This function is designed to safely update item keys, but when used on RAID stripe extents, it can cause corruption of the tree structure. The corruption is detected by internal consistency checks within btrfs_set_item_key_safe(), which then triggers a kernel BUG, leading to a kernel panic or system crash. The vulnerability manifests as an invalid opcode exception and a kernel oops, indicating a critical failure in kernel execution. The root cause of the corruption is not fully understood, but the recommended safe approach is to use btrfs_duplicate_item() to copy the item and then adjust both the key and the per-device physical addresses, avoiding direct modification via btrfs_set_item_key_safe(). This flaw affects Linux kernel versions prior to the patch and is particularly relevant for systems using Btrfs with RAID configurations. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability poses a significant risk to systems running Linux with Btrfs filesystems configured in RAID mode. The impact includes potential data corruption, system instability, and unexpected downtime due to kernel panics triggered by the vulnerability. This can lead to loss of data integrity and availability, especially in environments relying on Btrfs RAID for redundancy and performance. Critical infrastructure, cloud service providers, and enterprises using Linux servers for storage or virtualization could experience service interruptions. The vulnerability could also complicate recovery efforts and increase operational costs due to unplanned outages and data recovery processes. Although exploitation requires triggering specific filesystem operations, the impact on confidentiality is minimal; however, integrity and availability are severely affected. Given the widespread use of Linux in European data centers, research institutions, and government agencies, the vulnerability could have broad operational consequences if unpatched.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should prioritize updating their Linux kernels to versions where this issue is resolved. Since the root cause involves unsafe modification of RAID stripe-tree keys, administrators should avoid manual or automated processes that directly invoke btrfs_set_item_key_safe() on RAID stripe extents. Instead, ensure that any Btrfs maintenance or repair tools use the recommended safe method involving btrfs_duplicate_item(). System administrators should audit their current Btrfs RAID configurations and monitor kernel logs for signs of corruption or kernel panics related to Btrfs operations. Implementing robust backup and recovery procedures is critical to minimize data loss risks. Additionally, organizations should test kernel updates in staging environments to verify stability before deployment. For environments where immediate patching is not feasible, consider isolating affected systems or limiting workloads that perform intensive Btrfs RAID operations to reduce exposure. Monitoring for unusual filesystem errors or crashes can provide early warning of exploitation attempts or accidental triggers.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
CVE-2025-21752: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents Don't use btrfs_set_item_key_safe() to modify the keys in the RAID stripe-tree, as this can lead to corruption of the tree, which is caught by the checks in btrfs_set_item_key_safe(): BTRFS info (device nvme1n1): leaf 49168384 gen 15 total ptrs 194 free space 8329 owner 12 BTRFS info (device nvme1n1): refs 2 lock_owner 1030 current 1030 [ snip ] item 105 key (354549760 230 20480) itemoff 14587 itemsize 16 stride 0 devid 5 physical 67502080 item 106 key (354631680 230 4096) itemoff 14571 itemsize 16 stride 0 devid 1 physical 88559616 item 107 key (354631680 230 32768) itemoff 14555 itemsize 16 stride 0 devid 1 physical 88555520 item 108 key (354717696 230 28672) itemoff 14539 itemsize 16 stride 0 devid 2 physical 67604480 [ snip ] BTRFS critical (device nvme1n1): slot 106 key (354631680 230 32768) new key (354635776 230 4096) ------------[ cut here ]------------ kernel BUG at fs/btrfs/ctree.c:2602! Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI CPU: 1 UID: 0 PID: 1055 Comm: fsstress Not tainted 6.13.0-rc1+ #1464 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 RIP: 0010:btrfs_set_item_key_safe+0xf7/0x270 Code: <snip> RSP: 0018:ffffc90001337ab0 EFLAGS: 00010287 RAX: 0000000000000000 RBX: ffff8881115fd000 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000001 RDI: 00000000ffffffff RBP: ffff888110ed6f50 R08: 00000000ffffefff R09: ffffffff8244c500 R10: 00000000ffffefff R11: 00000000ffffffff R12: ffff888100586000 R13: 00000000000000c9 R14: ffffc90001337b1f R15: ffff888110f23b58 FS: 00007f7d75c72740(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa811652c60 CR3: 0000000111398001 CR4: 0000000000370eb0 Call Trace: <TASK> ? __die_body.cold+0x14/0x1a ? die+0x2e/0x50 ? do_trap+0xca/0x110 ? do_error_trap+0x65/0x80 ? btrfs_set_item_key_safe+0xf7/0x270 ? exc_invalid_op+0x50/0x70 ? btrfs_set_item_key_safe+0xf7/0x270 ? asm_exc_invalid_op+0x1a/0x20 ? btrfs_set_item_key_safe+0xf7/0x270 btrfs_partially_delete_raid_extent+0xc4/0xe0 btrfs_delete_raid_extent+0x227/0x240 __btrfs_free_extent.isra.0+0x57f/0x9c0 ? exc_coproc_segment_overrun+0x40/0x40 __btrfs_run_delayed_refs+0x2fa/0xe80 btrfs_run_delayed_refs+0x81/0xe0 btrfs_commit_transaction+0x2dd/0xbe0 ? preempt_count_add+0x52/0xb0 btrfs_sync_file+0x375/0x4c0 do_fsync+0x39/0x70 __x64_sys_fsync+0x13/0x20 do_syscall_64+0x54/0x110 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f7d7550ef90 Code: <snip> RSP: 002b:00007ffd70237248 EFLAGS: 00000202 ORIG_RAX: 000000000000004a RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f7d7550ef90 RDX: 000000000000013a RSI: 000000000040eb28 RDI: 0000000000000004 RBP: 000000000000001b R08: 0000000000000078 R09: 00007ffd7023725c R10: 00007f7d75400390 R11: 0000000000000202 R12: 028f5c28f5c28f5c R13: 8f5c28f5c28f5c29 R14: 000000000040b520 R15: 00007f7d75c726c8 </TASK> While the root cause of the tree order corruption isn't clear, using btrfs_duplicate_item() to copy the item and then adjusting both the key and the per-device physical addresses is a safe way to counter this problem.
AI-Powered Analysis
Technical Analysis
CVE-2025-21752 is a vulnerability identified in the Linux kernel's Btrfs filesystem implementation, specifically related to the handling of RAID stripe extents within the Btrfs RAID stripe-tree. The vulnerability arises from the improper use of the function btrfs_set_item_key_safe() to modify keys in the RAID stripe-tree. This function is designed to safely update item keys, but when used on RAID stripe extents, it can cause corruption of the tree structure. The corruption is detected by internal consistency checks within btrfs_set_item_key_safe(), which then triggers a kernel BUG, leading to a kernel panic or system crash. The vulnerability manifests as an invalid opcode exception and a kernel oops, indicating a critical failure in kernel execution. The root cause of the corruption is not fully understood, but the recommended safe approach is to use btrfs_duplicate_item() to copy the item and then adjust both the key and the per-device physical addresses, avoiding direct modification via btrfs_set_item_key_safe(). This flaw affects Linux kernel versions prior to the patch and is particularly relevant for systems using Btrfs with RAID configurations. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, this vulnerability poses a significant risk to systems running Linux with Btrfs filesystems configured in RAID mode. The impact includes potential data corruption, system instability, and unexpected downtime due to kernel panics triggered by the vulnerability. This can lead to loss of data integrity and availability, especially in environments relying on Btrfs RAID for redundancy and performance. Critical infrastructure, cloud service providers, and enterprises using Linux servers for storage or virtualization could experience service interruptions. The vulnerability could also complicate recovery efforts and increase operational costs due to unplanned outages and data recovery processes. Although exploitation requires triggering specific filesystem operations, the impact on confidentiality is minimal; however, integrity and availability are severely affected. Given the widespread use of Linux in European data centers, research institutions, and government agencies, the vulnerability could have broad operational consequences if unpatched.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should prioritize updating their Linux kernels to versions where this issue is resolved. Since the root cause involves unsafe modification of RAID stripe-tree keys, administrators should avoid manual or automated processes that directly invoke btrfs_set_item_key_safe() on RAID stripe extents. Instead, ensure that any Btrfs maintenance or repair tools use the recommended safe method involving btrfs_duplicate_item(). System administrators should audit their current Btrfs RAID configurations and monitor kernel logs for signs of corruption or kernel panics related to Btrfs operations. Implementing robust backup and recovery procedures is critical to minimize data loss risks. Additionally, organizations should test kernel updates in staging environments to verify stability before deployment. For environments where immediate patching is not feasible, consider isolating affected systems or limiting workloads that perform intensive Btrfs RAID operations to reduce exposure. Monitoring for unusual filesystem errors or crashes can provide early warning of exploitation attempts or accidental triggers.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-12-29T08:45:45.759Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9832c4522896dcbe86bc
Added to database: 5/21/2025, 9:09:06 AM
Last enriched: 6/30/2025, 8:54:57 AM
Last updated: 8/18/2025, 3:47:43 AM
Views: 17
Related Threats
CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumCVE-2025-54759: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.