AZL-70651

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70651.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-70651

Upstream

CVE-2025-38269

Published

2025-07-10T08:15:25Z

Modified

2026-04-01T05:21:58.056590Z

Summary

CVE-2025-38269 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: exit after state insertion failure at btrfsconvertextent_bit()

If insertstate() state failed it returns an error pointer and we call extentiotreepanic() which will trigger a BUG() call. However if CONFIGBUG is disabled, which is an uncommon and exotic scenario, then we fallthrough and call cachestate() which will dereference the error pointer, resulting in an invalid memory access.

So jump to the 'out' label after calling extentiotreepanic(), it also makes the code more clear besides dealing with the exotic scenario where CONFIGBUG is disabled.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-38269

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70651.json"