CVE-2025-22019
📋 TL;DR
A Linux kernel vulnerability in bcachefs filesystem's subvolume destruction function allows local attackers to cause denial of service or potentially bypass permissions checks. This affects systems using bcachefs filesystem with the vulnerable kernel versions. Attackers need local access to exploit this vulnerability.
💻 Affected Systems
- Linux kernel with bcachefs support
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation or persistent denial of service affecting bcachefs filesystem operations
Likely Case
Local denial of service causing filesystem operations to hang or crash
If Mitigated
Minimal impact if proper access controls restrict local user privileges
🎯 Exploit Status
Requires local access and knowledge of bcachefs operations; exploitation details not publicly documented
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 558317a5c61045d460a37372181e7b43c0c002bb, 707549600c4a012ed71c0204a7992a679880bf33, 82383abd39abd635511b8956284a5cc8134c4dc1, 9e6e83e1e2d01b99e70cd7812d7f758a8def9fc8
Vendor Advisory: https://git.kernel.org/stable/c/
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version 2. Reboot system 3. Verify kernel version after reboot
🔧 Temporary Workarounds
Disable bcachefs module
linuxPrevent loading of bcachefs kernel module if not required
echo 'install bcachefs /bin/false' > /etc/modprobe.d/disable-bcachefs.conf
rmmod bcachefs
Restrict subvolume operations
linuxLimit access to subvolume destruction operations
chmod 700 /sys/fs/bcachefs/*/subvolumes
setfacl -m u:root:rwx /sys/fs/bcachefs/*/subvolumes
🧯 If You Can't Patch
- Restrict local user access to systems using bcachefs
- Implement strict privilege separation and limit users who can execute subvolume operations
🔍 How to Verify
Check if Vulnerable:
Check if bcachefs module is loaded and kernel version is vulnerable: lsmod | grep bcachefs && uname -rCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is updated and check git commit history for the fix commits📡 Detection & Monitoring
Log Indicators:
- Kernel panic or hang messages related to bcachefs
- Failed subvolume destruction operations in system logs
- Excessive dcache pruning operations
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("bcachefs" OR "subvolume" OR "dcache") AND ("panic" OR "hang" OR "stuck")