Description
In the Linux kernel, the following vulnerability has been resolved: btrfs: add a sanity check for btrfs root in btrfs_search_slot() Syzbot reports a null-ptr-deref in btrfs_search_slot(). The reproducer is using rescue=ibadroots, and the extent tree root is corrupted thus the extent tree is NULL. When scrub tries to search the extent tree to gather the needed extent info, btrfs_search_slot() doesn't check if the target root is NULL or not, resulting the null-ptr-deref. Add sanity check for btrfs root before using it in btrfs_search_slot().
References (6)
Core 6
Core References
Scores
CVSS v3
5.5
EPSS
0.0020
EPSS Percentile
10.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (18)
linux/Kernel
5.11.0 - 5.15.174linux
linux/Kernel
5.16.0 - 6.1.120linux
linux/Kernel
6.2.0 - 6.6.64linux
linux/Kernel
6.7.0 - 6.12.4linux
Linux/Linux
< 5.11
Linux/Linux
42437a6386ffeaaf200731e73d723ea491f3fe7d - 3ed51857a50f530ac7a1482e069dfbd1298558d4
Linux/Linux
42437a6386ffeaaf200731e73d723ea491f3fe7d - 757171d1369b3b47f36932d40a05a0715496dcab
Linux/Linux
42437a6386ffeaaf200731e73d723ea491f3fe7d - 93992c3d9629b02dccf6849238559d5c24f2dece
Linux/Linux
42437a6386ffeaaf200731e73d723ea491f3fe7d - c71d114ef68c95da5a82ec85a721ab31f5bd905b
Linux/Linux
42437a6386ffeaaf200731e73d723ea491f3fe7d - db66fb87c21e8ae724886e6a464dcbac562a64c6
... and 8 more
Published
Jan 08, 2025
Tracked Since
Feb 18, 2026