{"id":"CVE-2025-38382","summary":"btrfs: fix iteration of extrefs during log replay","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix iteration of extrefs during log replay\n\nAt __inode_add_ref() when processing extrefs, if we jump into the next\nlabel we have an undefined value of victim_name.len, since we haven't\ninitialized it before we did the goto. This results in an invalid memory\naccess in the next iteration of the loop since victim_name.len was not\ninitialized to the length of the name of the current extref.\n\nFix this by initializing victim_name.len with the current extref's name\nlength.","modified":"2026-03-20T12:42:50.277558Z","published":"2025-07-25T12:53:23.665Z","related":["MGASA-2025-0218","MGASA-2025-0219","SUSE-SU-2025:02853-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:02969-1","SUSE-SU-2025:02996-1","SUSE-SU-2025:02997-1","SUSE-SU-2025:03011-1","SUSE-SU-2025:03023-1","SUSE-SU-2025:20577-1","SUSE-SU-2025:20586-1","SUSE-SU-2025:20601-1","SUSE-SU-2025:20602-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","openSUSE-SU-2025:20081-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38382.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2d11d274e2e1d7c79e2ca8461ce3ff3a95c11171"},{"type":"WEB","url":"https://git.kernel.org/stable/c/539969fc472886a1d63565459514d47e27fef461"},{"type":"WEB","url":"https://git.kernel.org/stable/c/54a7081ed168b72a8a2d6ef4ba3a1259705a2926"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7ac790dc2ba00499a8d671d4a24de4d4ad27e234"},{"type":"WEB","url":"https://git.kernel.org/stable/c/aee57a0293dca675637e5504709f9f8fd8e871be"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38382.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38382"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1cf474cd474bc5d3ef63086ffd009a87a5b7bb2e"},{"fixed":"539969fc472886a1d63565459514d47e27fef461"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"e43eec81c5167b655b72c781b0e75e62a05e415e"},{"fixed":"2d11d274e2e1d7c79e2ca8461ce3ff3a95c11171"},{"fixed":"7ac790dc2ba00499a8d671d4a24de4d4ad27e234"},{"fixed":"aee57a0293dca675637e5504709f9f8fd8e871be"},{"fixed":"54a7081ed168b72a8a2d6ef4ba3a1259705a2926"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38382.json"}}],"schema_version":"1.7.5"}