CVE-2025-39738
📋 TL;DR
A Linux kernel Btrfs filesystem vulnerability allows transaction aborts when relocating partially dropped subvolumes, causing filesystem corruption and potential system crashes. This affects systems using Btrfs with older kernels that have zombie subvolumes from incomplete deletions. The issue manifests during balance operations or delayed reference processing.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Filesystem corruption leading to data loss, system crashes, and denial of service requiring filesystem repair or restoration from backups.
Likely Case
Transaction aborts during Btrfs balance operations causing temporary filesystem unavailability until remount, with potential minor data corruption.
If Mitigated
No impact if systems are patched or don't use Btrfs with problematic subvolume deletion patterns.
🎯 Exploit Status
Not a traditional security exploit but a filesystem reliability issue. Requires specific Btrfs state (partially dropped subvolumes) and trigger conditions (balance/relocation operations).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel stable releases containing commits 125e94a4b76b7b75d194f85bedd628097d2121f0 and related fixes
Vendor Advisory: https://git.kernel.org/stable/c/125e94a4b76b7b75d194f85bedd628097d2121f0
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fixes.
2. Check distribution-specific security advisories.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Avoid Btrfs balance operations
Prevent triggering the vulnerability by avoiding Btrfs balance commands on affected filesystems.
# Do not run: btrfs balance start /mount/point
Mount filesystem read-only
Mount affected Btrfs filesystems as read-only to prevent write operations that could trigger the issue.
mount -o remount,ro /mount/point
🧯 If You Can't Patch
- Avoid running btrfs balance or relocation operations on affected filesystems
- Monitor system logs for BTRFS errors and transaction aborts, and be prepared for filesystem repair
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether Btrfs is in use. Look for 'BTRFS: Transaction aborted' errors in dmesg or system logs during balance operations.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes the fix commits. Test with btrfs balance operations while monitoring for transaction aborts.
📡 Detection & Monitoring
Log Indicators:
- BTRFS error: extent item not found for insert
- BTRFS: Transaction aborted
- failed to run delayed ref
- WARNING: CPU: ... at ... btrfs_run_delayed_refs
Network Indicators:
- None - local filesystem issue
SIEM Query:
source="kernel" AND "BTRFS" AND ("Transaction aborted" OR "extent item not found")
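The checks from "How to Verify" and "Log Indicators" can be combined into a small shell helper. This is an added example, not part of the advisory or the kernel project; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage helpers built from this page's "How to Verify" and
# "Log Indicators" sections. Function names and sample data are constructed.

# List mount points of Btrfs filesystems from a mounts table
# (default /proc/mounts: field 2 = mount point, field 3 = filesystem type).
btrfs_mounts() {
    awk '$3 == "btrfs" { print $2 }' "${1:-/proc/mounts}"
}

# Read kernel log text on stdin; print "<count> <indicator>" for each of the
# page's indicators that matched. Exit status 0 = at least one hit, 1 = none.
scan_btrfs_abort() {
    awk '
        /BTRFS error.*extent item not found for insert/ { e++ }
        /BTRFS: Transaction aborted/                    { t++ }
        /failed to run delayed ref/                     { d++ }
        /WARNING: CPU:.* at .*btrfs_run_delayed_refs/   { w++ }
        END {
            if (e) print e, "BTRFS error: extent item not found for insert"
            if (t) print t, "BTRFS: Transaction aborted"
            if (d) print d, "failed to run delayed ref"
            if (w) print w, "WARNING: CPU: ... at ... btrfs_run_delayed_refs"
            exit((e + t + d + w) ? 0 : 1)
        }'
}

# Constructed sample log lines (device name and all numbers are placeholders).
sample_log() {
    cat <<'EOF'
kernel: BTRFS info (device sdX): balance: start -d -m
kernel: BTRFS error (device sdX): extent item not found for insert, bytenr 0 num_bytes 0
kernel: BTRFS error (device sdX): failed to run delayed ref for logical 0 num_bytes 0
kernel: BTRFS: Transaction aborted (error -117)
kernel: WARNING: CPU: 0 PID: 1 at fs/btrfs/extent-tree.c:0 btrfs_run_delayed_refs+0x0/0x0 [btrfs]
kernel: BTRFS info (device sdX): forced readonly
EOF
}

# Demo on the constructed sample; on a live host feed the scanner the output
# of `dmesg` or `journalctl -k` instead.
sample_log | scan_btrfs_abort
```

A host with no output from `btrfs_mounts` has no Btrfs filesystem mounted, so the log scan is only relevant where that function prints at least one mount point.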
🔗 References
- https://git.kernel.org/stable/c/125e94a4b76b7b75d194f85bedd628097d2121f0
- https://git.kernel.org/stable/c/39a93e1c9dbf7e11632efeb20fcf0fc1dcf64d51
- https://git.kernel.org/stable/c/4289b494ac553e74e86fed1c66b2bf9530bc1082
- https://git.kernel.org/stable/c/4e403bd8e127d40dc7c05f06ee969c1ba1537ec5
- https://git.kernel.org/stable/c/f83d4c81bda3b7d1813268ab77408f7a0ce691ff
- https://git.kernel.org/stable/c/fa086b1398cf7e5f7dee7241bd5f2855cb5df8dc
- https://git.kernel.org/stable/c/fcb1f77b8ed8795608ca7a1f6505e2b07236c1f3
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html