AZL-62738

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-62738.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-62738

Upstream

CVE-2025-37856

Published

2025-05-09T07:16:06Z

Modified

2026-04-01T05:20:08.244478Z

Summary

CVE-2025-37856 affecting package kernel 6.6.126.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: harden blockgroup::bglist against list_del() races

As far as I can tell, these calls of listdelinit() on bglist cannot run concurrently with btrfsmarkbgunused() or btrfsmarkbgtoreclaim(), as they are in transaction error paths and situations where the block group is readonly.

However, if there is any chance at all of racing with markbgunused(), or a different future user of bg_list, better to be safe than sorry.

Otherwise we risk the following interleaving (bg_list refcount in parens)

T1 (some random op) T2 (btrfsmarkbgunused) !listempty(&bg->bglist); (1) listdelinit(&bg->bglist); (1) listmovetail (1) btrfsputblockgroup (0) btrfsdeleteunusedbgs bg = listfirstentry listdelinit(&bg->bglist); btrfsputblockgroup(bg); (-1)

Ultimately, this results in a broken ref count that hits zero one deref early and the real final deref underflows the refcount, resulting in a WARNING.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-37856

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

6.6.126.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-62738.json"