CVE-2025-37856

EUVD-2025-14136
In the Linux kernel, the following vulnerability has been resolved:

btrfs: harden block_group::bg_list against list_del() races

As far as I can tell, these calls of list_del_init() on bg_list cannot
run concurrently with btrfs_mark_bg_unused() or btrfs_mark_bg_to_reclaim(),
as they are in transaction error paths and situations where the block
group is readonly.

However, if there is any chance at all of racing with mark_bg_unused(),
or a different future user of bg_list, better to be safe than sorry.

Otherwise we risk the following interleaving (bg_list refcount in parens)

T1 (some random op)                       T2 (btrfs_mark_bg_unused)
                                        !list_empty(&bg->bg_list); (1)
list_del_init(&bg->bg_list); (1)
                                        list_move_tail (1)
btrfs_put_block_group (0)
                                        btrfs_delete_unused_bgs
                                             bg = list_first_entry
                                             list_del_init(&bg->bg_list);
                                             btrfs_put_block_group(bg); (-1)

Ultimately, this results in a broken ref count that hits zero one deref
early and the real final deref underflows the refcount, resulting in a WARNING.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
𝑥
< 6.12.24
linuxlinux_kernel
6.13 ≤
𝑥
< 6.13.12
linuxlinux_kernel
6.14 ≤
𝑥
< 6.14.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.257-1
fixed
forky
7.0.10-1
fixed
sid
7.0.10-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.90-2
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
cluster-md-kmp-default
suse enterprise server 12 SP5
4.12.14-122.269.1
fixed
dlm-kmp-default
suse enterprise server 12 SP5
4.12.14-122.269.1
fixed
gfs2-kmp-default
suse enterprise server 12 SP5
4.12.14-122.269.1
fixed
kernel-64kb
suse enterprise desktop 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.11.1
fixed
kernel-azure
suse enterprise sap 15 SP6
6.4.0-150600.8.48.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.20.11.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.8.48.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.20.11.1
fixed
kernel-default
suse enterprise desktop 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise server 12 SP5
4.12.14-122.269.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.11.1
fixed
kernel-default-base
suse enterprise desktop 15 SP6
6.4.0-150600.23.65.1.150600.12.28.4
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.11.1.150700.17.9.4
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.65.1.150600.12.28.4
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.11.1.150700.17.9.4
fixed
suse enterprise server 12 SP5
4.12.14-122.269.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.65.1.150600.12.28.4
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.11.1.150700.17.9.4
fixed
kernel-default-man
suse enterprise server 12 SP5
4.12.14-122.269.1
fixed
kernel-docs
suse enterprise desktop 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.11.3
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.11.3
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.11.3
fixed
kernel-macros
suse enterprise desktop 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise server 12 SP5
4.12.14-122.269.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.11.1
fixed
kernel-obs-build
suse enterprise desktop 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.11.1
fixed
kernel-source
suse enterprise desktop 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise server 12 SP5
4.12.14-122.269.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.11.1
fixed
kernel-source-azure
suse enterprise sap 15 SP6
6.4.0-150600.8.48.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.20.11.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.8.48.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.20.11.1
fixed
kernel-syms
suse enterprise desktop 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise server 12 SP5
4.12.14-122.269.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.11.1
fixed
kernel-syms-azure
suse enterprise sap 15 SP6
6.4.0-150600.8.48.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.20.11.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.8.48.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.20.11.1
fixed
kernel-zfcpdump
suse enterprise desktop 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise desktop 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise sap 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.11.1
fixed
suse enterprise server 15 SP6
6.4.0-150600.23.65.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.11.1
fixed
ocfs2-kmp-default
suse enterprise server 12 SP5
4.12.14-122.269.1
fixed
References
https://git.kernel.org/stable/c/185fd73e5ac06027c4be9a129e59193f6a3ef202
https://git.kernel.org/stable/c/7511e29cf1355b2c47d0effb39e463119913e2f6
https://git.kernel.org/stable/c/909e60fb469d4101c6b08cf6e622efb062bb24a1
https://git.kernel.org/stable/c/bf089c4d1141b27332c092b1dcca5022c415a3b6