PT-2025-8865 · Linux+7 · Linux Kernel+7

Dmitry Vyukov

+1

·

Published

2025-01-20

·

Updated

2026-04-20

·

CVE-2025-21753

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.13.0-rc7
Description A use-after-free issue has been identified in the Linux kernel, specifically in the btrfs file system. This occurs when attempting to join an aborted transaction, where the 'aborted' field is read after unlocking fs info->trans lock and without holding any extra reference count on it. This allows a concurrent task that is aborting the transaction to free the transaction before the 'aborted' field is read, resulting in a use-after-free. The issue was reported by syzbot and Dmitry, with stack traces provided from KASAN.
Recommendations To resolve this issue, update to a version of the Linux kernel that includes the fix for this use-after-free issue. As a temporary workaround, consider restricting access to the btrfs file system until a patch is available.

Exploit

Fix

Use After Free

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-415

Related Identifiers

ALT-PU-2025-12647
ALT-PU-2025-5012
ALT-PU-2025-5359
ALT-PU-2025-5361
ALT-PU-2025-5437
AZL-59010
BDU:2025-03901
CVE-2025-21753
DLA-4102-1
DLA-4178-1
OESA-2025-1446
OESA-2025-1450
OPENSUSE-SU-2025_1177-1
OPENSUSE-SU-2025_1178-1
OPENSUSE-SU-2025_1180-1
OPENSUSE-SU-2025_1195-1
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:0834-1
SUSE-SU-2025:1177-1
SUSE-SU-2025:1178-1
SUSE-SU-2025:1180-1
SUSE-SU-2025:1183-1
SUSE-SU-2025:1195-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_0834-1
SUSE-SU-2025_1177-1
SUSE-SU-2025_1178-1
SUSE-SU-2025_1180-1
SUSE-SU-2025_1195-1
USN-7510-1
USN-7510-2
USN-7510-3
USN-7510-4
USN-7510-5
USN-7510-6
USN-7510-7
USN-7510-8
USN-7511-1
USN-7511-2
USN-7511-3
USN-7512-1
USN-7516-1
USN-7516-2
USN-7516-3
USN-7516-4
USN-7516-5
USN-7516-6
USN-7516-7
USN-7516-8
USN-7516-9
USN-7517-1
USN-7517-2
USN-7517-3
USN-7518-1
USN-7521-1
USN-7521-2
USN-7521-3
USN-7539-1
USN-7540-1
USN-7593-1
USN-7602-1
USN-7640-1
USN-7651-1
USN-7651-2
USN-7651-3
USN-7651-4
USN-7651-5
USN-7651-6
USN-7652-1
USN-7653-1
USN-7737-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu