github - ghsa-7rq4-gjpx-jq6g

ghsa-7rq4-gjpx-jq6g

Vulnerability from github

Published

2025-04-16 15:34

Modified

2025-04-16 15:34

Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: don't clobber ret in btrfs_validate_super()

Commit 2a9bb78cfd36 ("btrfs: validate system chunk array at btrfs_validate_super()") introduces a call to validate_sys_chunk_array() in btrfs_validate_super(), which clobbers the value of ret set earlier. This has the effect of negating the validity checks done earlier, making it so btrfs could potentially try to mount invalid filesystems.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-22114"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-16T15:16:05Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don\u0027t clobber ret in btrfs_validate_super()\n\nCommit 2a9bb78cfd36 (\"btrfs: validate system chunk array at\nbtrfs_validate_super()\") introduces a call to validate_sys_chunk_array()\nin btrfs_validate_super(), which clobbers the value of ret set earlier.\nThis has the effect of negating the validity checks done earlier, making\nit so btrfs could potentially try to mount invalid filesystems.",
  "id": "GHSA-7rq4-gjpx-jq6g",
  "modified": "2025-04-16T15:34:45Z",
  "published": "2025-04-16T15:34:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22114"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9db9c7dd5b4e1d3205137a094805980082c37716"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ef6800a2015e706e9852a5ec15263fec9990d012"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2025-22114 (GCVE-0-2025-22114)

Vulnerability from cvelistv5

Published

2025-04-16 14:12

Modified

2025-05-26 05:18

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't clobber ret in btrfs_validate_super() Commit 2a9bb78cfd36 ("btrfs: validate system chunk array at btrfs_validate_super()") introduces a call to validate_sys_chunk_array() in btrfs_validate_super(), which clobbers the value of ret set earlier. This has the effect of negating the validity checks done earlier, making it so btrfs could potentially try to mount invalid filesystems.

References

►

URL

Tags

	https://git.kernel.org/stable/c/ef6800a2015e706e9852a5ec15263fec9990d012
	https://git.kernel.org/stable/c/9db9c7dd5b4e1d3205137a094805980082c37716

Impacted products

Vendor

Product

Version

►

Version: 2a9bb78cfd367fdeff74f15b1e98969912292d9e
Version: 2a9bb78cfd367fdeff74f15b1e98969912292d9e

Version: 6.14

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/disk-io.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ef6800a2015e706e9852a5ec15263fec9990d012",
              "status": "affected",
              "version": "2a9bb78cfd367fdeff74f15b1e98969912292d9e",
              "versionType": "git"
            },
            {
              "lessThan": "9db9c7dd5b4e1d3205137a094805980082c37716",
              "status": "affected",
              "version": "2a9bb78cfd367fdeff74f15b1e98969912292d9e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/disk-io.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.14"
            },
            {
              "lessThan": "6.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.2",
                  "versionStartIncluding": "6.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "6.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don\u0027t clobber ret in btrfs_validate_super()\n\nCommit 2a9bb78cfd36 (\"btrfs: validate system chunk array at\nbtrfs_validate_super()\") introduces a call to validate_sys_chunk_array()\nin btrfs_validate_super(), which clobbers the value of ret set earlier.\nThis has the effect of negating the validity checks done earlier, making\nit so btrfs could potentially try to mount invalid filesystems."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-26T05:18:46.580Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ef6800a2015e706e9852a5ec15263fec9990d012"
        },
        {
          "url": "https://git.kernel.org/stable/c/9db9c7dd5b4e1d3205137a094805980082c37716"
        }
      ],
      "title": "btrfs: don\u0027t clobber ret in btrfs_validate_super()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-22114",
    "datePublished": "2025-04-16T14:12:59.898Z",
    "dateReserved": "2024-12-29T08:45:45.823Z",
    "dateUpdated": "2025-05-26T05:18:46.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.