CVE-2025-38370: 
Linux Ubuntu vulnerability analysis and mitigation

A vulnerability in the Linux kernel's BTRFS filesystem has been identified and assigned CVE-2025-38370. The issue relates to a failure in rebuilding the free space tree when using multiple transactions. This vulnerability was discovered and disclosed in July 2025, affecting the BTRFS filesystem implementation in the Linux kernel (Red Hat CVE).

The vulnerability occurs during the rebuilding of a free space tree in BTRFS, specifically when modifying the free space tree requires allocating a new metadata block group across multiple transactions. When btrfsendtransaction() is called, it triggers btrfscreatependingblockgroups() which attempts to add items to the free space tree for the block group. Subsequently, during the free space tree rebuild in btrfsrebuildfreespacetree(), the system may encounter these new block groups and attempt to populate the free space tree for them, resulting in a -EEXIST error due to pre-existing items. The vulnerability has been assigned a CVSS v3.1 score of 5.5 with a vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat CVE).

The vulnerability results in transaction abortion with error -17 (EEXIST) during the free space tree rebuild process. This can lead to filesystem operation failures and potential system instability, though it does not impact confidentiality or integrity of the data (Red Hat CVE).

Red Hat has confirmed that Red Hat Enterprise Linux versions 6, 7, 8, 9, and their respective kernel-rt variants are not affected by this vulnerability. A fix has been implemented in the Linux kernel to address the free space tree rebuilding issue (Red Hat CVE).