CVE-2025-21752

5.5 MEDIUM

📋 TL;DR

A Linux kernel Btrfs filesystem vulnerability allows corruption of RAID stripe-tree metadata when using btrfs_set_item_key_safe() on RAID stripe-extents. This can cause kernel panics and filesystem corruption. Affects systems using Btrfs with RAID configurations.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before fixes in commits 1c25eff52ee5a02a2c4be659a44ae972d9989742 and dc14ba10781bd2629835696b7cc1febf914768e9
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only affects systems using Btrfs filesystem with RAID configurations (stripe-tree feature)

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash and potential data corruption/loss in Btrfs RAID arrays

🟠 Likely Case: Filesystem corruption requiring fsck repair or data recovery during RAID operations

🟢 If Mitigated: Limited impact if Btrfs RAID is not used or system has recent backups

🌐 Internet-Facing: LOW - Requires local filesystem access and specific Btrfs RAID operations
🏢 Internal Only: MEDIUM - Can affect servers using Btrfs RAID for storage, potentially causing service disruption

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Requires local access and the ability to trigger specific Btrfs RAID operations; appears to have been discovered through normal testing rather than malicious exploitation

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 1c25eff52ee5a02a2c4be659a44ae972d9989742 and dc14ba10781bd2629835696b7cc1febf914768e9

Vendor Advisory: https://git.kernel.org/stable/c/1c25eff52ee5a02a2c4be659a44ae972d9989742

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution.
2. Reboot system to load new kernel.
3. Verify kernel version matches patched release.

🔧 Temporary Workarounds

Avoid Btrfs RAID operations

Temporarily avoid operations that modify RAID stripe-extents until patched

Use alternative filesystem

Consider using ext4 or XFS instead of Btrfs for RAID configurations

🧯 If You Can't Patch

  • Implement regular Btrfs filesystem backups and snapshots
  • Monitor system logs for BTRFS critical errors and kernel panics

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether Btrfs is in use with RAID: 'uname -r' and 'btrfs filesystem show'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits: 'uname -r' and check distribution patch notes

📡 Detection & Monitoring

Log Indicators:

  • BTRFS critical errors in kernel logs
  • Kernel panic messages related to btrfs_set_item_key_safe
  • Filesystem corruption errors

SIEM Query:

source="kernel" AND ("BTRFS critical" OR "btrfs_set_item_key_safe" OR ("kernel panic" AND btrfs))
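
The log indicators and query above, written as a small offline scanner; this is an added example, not part of the original advisory. The sample log lines are constructed, and the function names and the `BTRFS critical (device ...)` prefix used to attribute errors to a device are assumptions of this sketch.

```python
import re
import sys
from collections import Counter

# Constructed sample lines for illustration, not captured from a real system.
SAMPLE_LOG = """\
[  101.000001] BTRFS info (device sdb): constructed sample mount message
[  245.120394] BTRFS critical (device sdb): constructed sample error text
[  245.120450]  btrfs_set_item_key_safe+0x0/0x0 [btrfs]
[  245.130000] Kernel panic - not syncing: constructed sample, btrfs in call trace
[  300.000000] Kernel panic - not syncing: constructed sample, unrelated driver
[  310.000000] BTRFS critical (device sdc): constructed sample error text
"""

# Assumed message prefix, used to attribute critical errors to a device.
DEVICE_RE = re.compile(r"BTRFS critical \(device ([^)]+)\)", re.IGNORECASE)

def classify(line):
    """Return the name of the indicator a line matches, or None."""
    low = line.lower()
    if "btrfs_set_item_key_safe" in low:
        return "set_item_key_safe"
    if "btrfs critical" in low:
        return "btrfs_critical"
    # Explicit grouping: a panic only counts when the same line mentions btrfs.
    if "kernel panic" in low and "btrfs" in low:
        return "panic_btrfs"
    return None

def scan(lines):
    """Return (hits, per-indicator counts, per-device critical-error counts)."""
    hits, kinds, devices = [], Counter(), Counter()
    for line in lines:
        kind = classify(line)
        if kind is None:
            continue
        hits.append((kind, line.rstrip("\n")))
        kinds[kind] += 1
        m = DEVICE_RE.search(line)
        if m:
            devices[m.group(1)] += 1
    return hits, kinds, devices

if __name__ == "__main__":
    src = SAMPLE_LOG.splitlines() if sys.stdin.isatty() else sys.stdin
    hits, kinds, devices = scan(src)
    for kind, line in hits:
        print(f"{kind}\t{line}")
    sys.exit(1 if hits else 0)
```

Pipe `journalctl -k` or `dmesg` output into the script to scan a live host; the exit status is 1 when any indicator matches, so it can drive a monitoring check.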
