CVE-2025-37931
📋 TL;DR
A Linux kernel Btrfs filesystem vulnerability causes metadata corruption when using subpage support with specific page/node/sector size combinations. This affects Linux systems running Btrfs with 64KB page size, 16KB nodesize, and 4KB sectorsize configurations, potentially leading to filesystem corruption.
💻 Affected Systems
- Linux kernel with Btrfs filesystem support
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Complete filesystem corruption leading to data loss, system crashes, or inability to boot from affected filesystems.
Likely Case
Metadata corruption causing filesystem errors, data inconsistencies, or system instability requiring filesystem repair.
If Mitigated
No impact if patched or not using affected Btrfs configurations.
🎯 Exploit Status
Exploitation requires specific Btrfs configuration and local access. This is a filesystem corruption bug rather than a traditional security vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel versions containing commits: 396f4002710030ea1cfd4c789ebaf0a6969ab34f, 5111b148360f50cac9abbae8fca44cc0ac4bf9bf, 977849e8acd2466ac3cb49e04a3ecc73837f6b90, b80db09b614cb7edec5bada1bc7c7b0eb3b453ea, e08e49d986f82c30f42ad0ed43ebbede1e1e3739
Vendor Advisory: https://git.kernel.org/stable/c/396f4002710030ea1cfd4c789ebaf0a6969ab34f
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Avoid affected Btrfs configuration
linuxDo not use Btrfs with 64KB page size, 16KB nodesize, and 4KB sectorsize combination.
Use alternative filesystem
linuxUse ext4, XFS, or other filesystems instead of Btrfs on affected systems.
🧯 If You Can't Patch
- Avoid using Btrfs with 64KB page size configurations
- Implement regular filesystem checks and backups to detect/corruption early
🔍 How to Verify
Check if Vulnerable:
Check kernel version and Btrfs configuration: 1. Run 'uname -r' to check kernel version. 2. Check if using Btrfs with 64KB page size, 16KB nodesize, and 4KB sectorsize.Check Version:
uname -rVerify Fix Applied:
1. Verify kernel version contains fix commits. 2. Check Btrfs configuration no longer uses vulnerable size combination. 3. Monitor system logs for Btrfs errors.📡 Detection & Monitoring
Log Indicators:
- Btrfs filesystem corruption errors in kernel logs
- Metadata write failures
- Filesystem check errors
SIEM Query:
source="kernel" AND ("BTRFS" OR "btrfs") AND ("corruption" OR "error" OR "failed")🔗 References
- https://git.kernel.org/stable/c/396f4002710030ea1cfd4c789ebaf0a6969ab34f
- https://git.kernel.org/stable/c/5111b148360f50cac9abbae8fca44cc0ac4bf9bf
- https://git.kernel.org/stable/c/977849e8acd2466ac3cb49e04a3ecc73837f6b90
- https://git.kernel.org/stable/c/b80db09b614cb7edec5bada1bc7c7b0eb3b453ea
- https://git.kernel.org/stable/c/e08e49d986f82c30f42ad0ed43ebbede1e1e3739
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
