CVE-2025-22114 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: don't clobber ret in btrfs_validate_super()

Commit 2a9bb78cfd36 ("btrfs: validate system chunk array at
btrfs_validate_super()") introduces a call to validate_sys_chunk_array()
in btrfs_validate_super(), which clobbers the value of ret set earlier.
This has the effect of negating the validity checks done earlier, making
it so btrfs could potentially try to mount invalid filesystems.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00039.

Key SSVC decision points have not yet been added.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/9db9c7dd5b4e1d3205137a094805980082c37716
https://git.kernel.org/stable/c/ef6800a2015e706e9852a5ec15263fec9990d012
https://lore.kernel.org/linux-cve-announce/2025041625-CVE-2025-22114-721d@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-22114
https://www.cve.org/CVERecord?id=CVE-2025-22114

History

Fri, 18 Apr 2025 02:45:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025041625-CVE-2025-22114-721d@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-22114 https://www.cve.org/CVERecord?id=CVE-2025-22114
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 16 Apr 2025 14:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: btrfs: don't clobber ret in btrfs_validate_super() Commit 2a9bb78cfd36 ("btrfs: validate system chunk array at btrfs_validate_super()") introduces a call to validate_sys_chunk_array() in btrfs_validate_super(), which clobbers the value of ret set earlier. This has the effect of negating the validity checks done earlier, making it so btrfs could potentially try to mount invalid filesystems.
Title		btrfs: don't clobber ret in btrfs_validate_super()
References		https://git.kernel.org/stable/c/9db9c7dd5b4e1d3205137a094805980082c37716 https://git.kernel.org/stable/c/ef6800a2015e706e9852a5ec15263fec9990d012

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-04-16T14:12:59.898Z

Updated: 2025-05-26T05:18:46.580Z

Reserved: 2024-12-29T08:45:45.823Z

Link: CVE-2025-22114

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-04-16T15:16:05.617

Modified: 2025-04-17T20:22:16.240

Link: CVE-2025-22114

Redhat

Severity : Low

Publid Date: 2025-04-16T00:00:00Z

Links: CVE-2025-22114 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object