CVE-2025-21879 Information

Description

In the Linux kernel the following vulnerability has been resolved:

btrfs: fix use-after-free on inode when scanning root during em shrinking

At btrfs_scan_root() we are accessing the inode’s root (and fs_info) in a call to btrfs_fs_closing() after we have scheduled the inode for a delayed iput and that can result in a use-after-free on the inode in case the cleaner kthread does the iput before we dereference the inode in the call to btrfs_fs_closing().

Fix this by using the fs_info stored already in a local variable instead of doing inode->root->fs_info.

Reference

https://git.kernel.org/stable/c/59f37036bb7ab3d554c24abc856aabca01126414 https://git.kernel.org/stable/c/5e79d26014f9386387575b9ed60d342057cee49b