CVE-2025-37827
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's BTRFS filesystem occurs when converting metadata from DUP to RAID1 profile on zoned devices with mismatched write pointers. This causes kernel crashes and potential denial of service. Systems using BTRFS with zoned storage and RAID1 configurations are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data corruption or loss in BTRFS volumes.
Likely Case
System crash when performing BTRFS balance operations on zoned storage with RAID1 profile mismatches.
If Mitigated
No impact if systems don't use BTRFS zoned storage or avoid RAID1 profile conversions.
🎯 Exploit Status
Exploitation requires specific BTRFS operations on zoned storage with RAID1 profile mismatches.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel branches via provided git commits
Vendor Advisory: https://git.kernel.org/stable/c/9a447f748f6c7287dad68fa91913cd382fa0fcc8
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Apply specific commits: 9a447f748f6c7287dad68fa91913cd382fa0fcc8, b0c26f47992672661340dd6ea931240213016609, f4717a02cc422cf4bb2dbb280b154a1ae65c5f84. 3. Reboot system.
🔧 Temporary Workarounds
Avoid BTRFS RAID1 on zoned storage
linuxDo not use RAID1 profile for BTRFS on zoned storage devices
Disable BTRFS balance operations
linuxAvoid running btrfs balance commands on zoned storage systems
🧯 If You Can't Patch
- Avoid converting BTRFS metadata from DUP to RAID1 profile on zoned storage
- Monitor systems for BTRFS errors related to write pointer mismatches
🔍 How to Verify
Check if Vulnerable:
Check kernel version and BTRFS configuration. Look for systems using BTRFS with zoned storage and RAID1 profiles.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commits. Test BTRFS balance operations on zoned storage with RAID1.📡 Detection & Monitoring
Log Indicators:
- BTRFS error: zoned: write pointer offset mismatch of zones in raid1 profile
- kernel NULL pointer dereference in __btrfs_add_free_space_zoned
SIEM Query:
source="kernel" AND ("BTRFS error" AND "write pointer offset mismatch" OR "NULL pointer dereference" AND "btrfs")