CVE-2025-38382: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-38382 is a vulnerability discovered in the Linux kernel's btrfs filesystem component, specifically in the handling of extrefs during log replay operations. The vulnerability was disclosed on July 25, 2025, and affects the _inodeadd_ref() function when processing extrefs (NVD).

The vulnerability occurs in the _inodeaddref() function when processing extrefs. When jumping to the next label, victimname.len has an undefined value since it wasn't initialized before the goto statement. This results in an invalid memory access in the subsequent loop iteration because victim_name.len was not properly initialized with the current extref's name length. The vulnerability has been assigned a CVSS 3.1 base score of 5.5 with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (RedHat).

The vulnerability can lead to invalid memory access during btrfs filesystem operations, potentially causing system instability or crashes. The impact is primarily focused on availability, with no direct effect on confidentiality or integrity of the system (RedHat).

The vulnerability has been resolved through a patch that properly initializes victim_name.len with the current extref's name length before processing. Red Hat Enterprise Linux versions 6 through 10, including kernel-rt variants, are not affected by this vulnerability (RedHat).