FKIE_CVE-2025-71184

Vulnerability from fkie_nvd - Published: 2026-01-31 12:16 - Updated: 2026-02-03 16:44
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL dereference on root when tracing inode eviction When evicting an inode the first thing we do is to setup tracing for it, which implies fetching the root's id. But in btrfs_evict_inode() the root might be NULL, as implied in the next check that we do in btrfs_evict_inode(). Hence, we either should set the ->root_objectid to 0 in case the root is NULL, or we move tracing setup after checking that the root is not NULL. Setting the rootid to 0 at least gives us the possibility to trace this call even in the case when the root is NULL, so that's the solution taken here.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/582ba48e4a4c06fef6bdcf4e57b7b9af660bbd0c
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/99e057f3d3ef24b99a7b1d84e01dd1bd890098da
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f157dd661339fc6f5f2b574fe2429c43bd309534
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix NULL dereference on root when tracing inode eviction\n\nWhen evicting an inode the first thing we do is to setup tracing for it,\nwhich implies fetching the root\u0027s id. But in btrfs_evict_inode() the\nroot might be NULL, as implied in the next check that we do in\nbtrfs_evict_inode().\n\nHence, we either should set the -\u003eroot_objectid to 0 in case the root is\nNULL, or we move tracing setup after checking that the root is not\nNULL. Setting the rootid to 0 at least gives us the possibility to trace\nthis call even in the case when the root is NULL, so that\u0027s the solution\ntaken here."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nbtrfs: correcci\u00f3n de desreferencia de NULL en la ra\u00edz al rastrear el desalojo de inodos\n\nAl desalojar un inodo, lo primero que hacemos es configurar el rastreo para \u00e9l, lo que implica obtener el ID de la ra\u00edz. Pero en btrfs_evict_inode(), la ra\u00edz podr\u00eda ser NULL, como se implica en la siguiente comprobaci\u00f3n que hacemos en btrfs_evict_inode().\n\nPor lo tanto, deber\u00edamos establecer el -\u0026gt;root_objectid a 0 en caso de que la ra\u00edz sea NULL, o movemos la configuraci\u00f3n del rastreo despu\u00e9s de comprobar que la ra\u00edz no es NULL. Establecer el rootid a 0 al menos nos da la posibilidad de rastrear esta llamada incluso en el caso de que la ra\u00edz sea NULL, as\u00ed que esa es la soluci\u00f3n adoptada aqu\u00ed."
    }
  ],
  "id": "CVE-2025-71184",
  "lastModified": "2026-02-03T16:44:36.630",
  "metrics": {},
  "published": "2026-01-31T12:16:03.673",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/582ba48e4a4c06fef6bdcf4e57b7b9af660bbd0c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/99e057f3d3ef24b99a7b1d84e01dd1bd890098da"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f157dd661339fc6f5f2b574fe2429c43bd309534"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.