CVE-2025-21753
Linux Kernel vulnerability analysis and mitigation

Overview

In the Linux kernel, a use-after-free vulnerability was discovered in the BTRFS filesystem code when attempting to join an aborted transaction. When trying to join the current transaction that is aborted, the code reads the 'aborted' field after unlocking fs_info->trans_lock and without holding any extra reference count, allowing a concurrent task that is aborting the transaction to potentially free the transaction before the 'aborted' field is read (Linux Kernel Commit).

Technical details

The vulnerability exists in the transaction handling code of the BTRFS filesystem. When joining an aborted transaction, the code unlocks fs_info->trans_lock before reading the transaction's 'aborted' field, creating a race condition. A concurrent task can abort and free the transaction in this window, leading to a use-after-free condition. The issue was discovered through KASAN (Kernel Address Sanitizer), which detected the invalid memory access in the join_transaction() function at fs/btrfs/transaction.c:278 (Linux Kernel Commit).

Impact

This vulnerability could lead to a use-after-free condition in the kernel's BTRFS filesystem code. When triggered, it could cause system crashes or potentially allow an attacker to execute arbitrary code with kernel privileges (Linux Kernel Commit).

Mitigation and workarounds

The fix involves reading the 'aborted' field while holding fs_info->trans_lock, since any freeing task must first acquire that lock and set fs_info->running_transaction to NULL before freeing the transaction. This ensures proper synchronization and prevents the use-after-free condition (Linux Kernel Commit).
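The lock ordering described above, as an added userspace model that is not the kernel's code or the upstream patch: the pre-fix read-after-unlock pattern next to the read-under-lock form. It assumes a pthread mutex in place of the kernel lock; the function names, the use_count field and the return value 1 for "nothing running" are hypothetical.

```c
#include <pthread.h>
#include <stdlib.h>

/* Userspace model (constructed); field names echo the page, this is not kernel code. */
struct transaction { int aborted; int use_count; };
struct fs_info { pthread_mutex_t trans_lock; struct transaction *running_transaction; };

/* Pre-fix ordering: 'aborted' is read after unlock with no reference held. */
int join_transaction_racy(struct fs_info *fs)
{
    pthread_mutex_lock(&fs->trans_lock);
    struct transaction *cur = fs->running_transaction;
    if (cur && cur->aborted) {
        pthread_mutex_unlock(&fs->trans_lock);
        /* Window: cleanup_transaction() on another thread can free 'cur' here. */
        return cur->aborted;
    }
    if (cur)
        cur->use_count++;
    pthread_mutex_unlock(&fs->trans_lock);
    return cur ? 0 : 1; /* 1 = nothing running to join */
}

/* Fixed ordering: copy 'aborted' while trans_lock still keeps the object alive. */
int join_transaction_fixed(struct fs_info *fs)
{
    int ret = 1; /* 1 = nothing running to join */
    pthread_mutex_lock(&fs->trans_lock);
    struct transaction *cur = fs->running_transaction;
    if (cur && cur->aborted) {
        ret = cur->aborted;   /* read under the lock, return the copy */
    } else if (cur) {
        cur->use_count++;     /* joined: take a reference before unlocking */
        ret = 0;
    }
    pthread_mutex_unlock(&fs->trans_lock);
    return ret;
}

/* Freeing side: clears running_transaction under trans_lock, then frees.
 * Model simplification: it does not wait for use_count to drop. */
void cleanup_transaction(struct fs_info *fs)
{
    pthread_mutex_lock(&fs->trans_lock);
    struct transaction *cur = fs->running_transaction;
    fs->running_transaction = NULL;
    pthread_mutex_unlock(&fs->trans_lock);
    free(cur);
}
```

Because the freeing side can only detach the transaction while holding trans_lock, a joiner that reads 'aborted' before unlocking can never touch freed memory.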

This report was generated using AI.
