CVE-2025-22114

5.5 MEDIUM

📋 TL;DR

A logic error in the Linux kernel's Btrfs filesystem validation function could allow mounting of invalid filesystems that should have been rejected. This affects Linux systems using Btrfs filesystems, potentially leading to data corruption or system instability.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions that contain commit 2a9bb78cfd36 but do not yet include the fix commits 9db9c7dd5b4e1d3205137a094805980082c37716 and ef6800a2015e706e9852a5ec15263fec9990d012
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using Btrfs filesystem. Systems using other filesystems (ext4, xfs, etc.) are not vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Mounting a corrupted Btrfs filesystem could lead to data loss, filesystem corruption, or kernel panics when accessing invalid data structures.

🟠 Likely Case

System administrators might inadvertently mount corrupted filesystems that appear functional but could experience data corruption or crashes during normal operations.

🟢 If Mitigated

With proper monitoring and regular filesystem checks, the impact is limited to potential temporary system instability until the invalid mount is detected and corrected.

🌐 Internet-Facing: LOW - This vulnerability requires local filesystem access and cannot be exploited remotely over the network.
🏢 Internal Only: MEDIUM - Local users or administrators with filesystem access could potentially exploit this, but it requires specific conditions (invalid Btrfs filesystem to mount).

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires creating or obtaining a specially crafted invalid Btrfs filesystem and having sufficient privileges to mount it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 9db9c7dd5b4e1d3205137a094805980082c37716 and ef6800a2015e706e9852a5ec15263fec9990d012

Vendor Advisory: https://git.kernel.org/stable/c/9db9c7dd5b4e1d3205137a094805980082c37716

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a patched version from your distribution's repositories.
2. Reboot the system to load the new kernel.
3. Verify the kernel version after reboot.

🔧 Temporary Workarounds

Avoid mounting untrusted Btrfs filesystems (linux): Prevent mounting of potentially corrupted Btrfs filesystems from untrusted sources.

Use alternative filesystems (linux): Temporarily use ext4 or xfs instead of Btrfs for critical systems.

🧯 If You Can't Patch

  • Implement strict access controls to prevent mounting of untrusted filesystems
  • Regularly run btrfs check on all Btrfs filesystems (while they are unmounted) to detect corruption early

🔍 How to Verify

Check if Vulnerable:

Run uname -r and examine your distribution's kernel changelog to determine whether the running kernel contains commit 2a9bb78cfd36 without the fix commits.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits or is newer than the patched versions

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing Btrfs mount errors or corruption warnings
  • System logs showing unexpected filesystem mounting

SIEM Query:

source="kernel" AND ("btrfs" AND ("mount" OR "corrupt" OR "invalid"))
