CVE-2025-39800
Description
In the Linux kernel, the following vulnerability has been resolved:
btrfs: abort transaction on unexpected eb generation at btrfs_copy_root()
If we find an unexpected generation for the extent buffer we are cloning at btrfs_copy_root(), we just WARN_ON() and don't error out and abort the transaction, meaning we allow to persist metadata with an unexpected generation. Instead of warning only, abort the transaction and return -EUCLEAN.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In btrfs_copy_root(), an unexpected extent buffer generation now aborts the transaction instead of only producing a warning, preventing silent metadata corruption.
Vulnerability Analysis
The Linux kernel's btrfs filesystem contained a flaw in the btrfs_copy_root() function. When cloning an extent buffer, if the function encountered an unexpected generation number for that buffer, it would only produce a WARN_ON() message and continue the operation [1]. This meant that metadata with an incorrect generation could be persisted to disk, silently introducing corruption into the filesystem metadata.
Attack Vector
The vulnerability is triggered during specific btrfs operations that call btrfs_copy_root(), which is an internal filesystem function. An attacker would need to be able to trigger such operations, potentially by mounting a crafted or corrupted btrfs image. No network-based attack vector is described; exploitation would likely require local access or the ability to inject a malicious filesystem image. The bug does not require authentication beyond the ability to invoke the relevant btrfs operations.
Impact
An unexpected generation in an extent buffer, left unchecked, could lead to filesystem metadata inconsistency. Over time, this can cause data corruption, filesystem instability, or denial of service. In the worst case, it might be leveraged to escalate into more severe integrity violations, though the assigned CVSS score (5.5, Medium) reflects the primary impact on availability and integrity without remote code execution.
Mitigation
The fix, merged into the stable kernel tree via commit references [2], [3], and [4], changes the behavior so that an unexpected generation aborts the transaction and returns -EUCLEAN (the "Structure needs cleaning" errno) instead of proceeding with a warning. Users should apply the latest stable kernel update, or the specific cherry-picked commit, to their distribution's kernel.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
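The difference between the warn-only and the fixed behaviour described above, as an added user-space model (not kernel code and not part of the original record). The struct, the function names and the "generation newer than the transaction id" condition are assumptions made for illustration; the inputs are constructed.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#ifndef EUCLEAN
#define EUCLEAN 117 /* Linux errno: "Structure needs cleaning" */
#endif

/* Hypothetical user-space model; these are not kernel structures. */
struct model_result {
    int ret;        /* value returned to the caller */
    bool aborted;   /* transaction was aborted */
    int persisted;  /* cloned buffers that would reach disk */
};

/* Assumption: "unexpected" means the buffer's generation is newer than
 * the id of the transaction doing the copy. */
static bool generation_unexpected(uint64_t eb_gen, uint64_t transid)
{
    return eb_gen > transid;
}

/* fixed == false: warn and continue. fixed == true: abort, -EUCLEAN. */
struct model_result model_copy_root(uint64_t eb_gen, uint64_t transid, bool fixed)
{
    struct model_result r = { 0, false, 0 };
    if (generation_unexpected(eb_gen, transid)) {
        if (fixed) {
            r.aborted = true;   /* nothing from this transaction is written */
            r.ret = -EUCLEAN;
            return r;
        }
        fprintf(stderr, "warning: eb generation %llu, transid %llu\n",
                (unsigned long long)eb_gen, (unsigned long long)transid);
    }
    r.persisted = 1;            /* clone goes on to be written out */
    return r;
}

int main(void)
{
    /* Constructed inputs: buffer generation 12, transaction id 10. */
    struct model_result before = model_copy_root(12, 10, false);
    struct model_result after = model_copy_root(12, 10, true);
    printf("warn-only: ret=%d persisted=%d\n", before.ret, before.persisted);
    printf("fixed:     ret=%d aborted=%d\n", after.ret, after.aborted);
    return 0;
}
```

In the warn-only path the caller sees success and the inconsistent buffer is counted as persisted; in the fixed path the caller gets an error it can act on and nothing is persisted.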
Affected products
- Linux/Linux v5 Range: 2.6.29
Patches
No patches discovered yet.
References
- git.kernel.org/stable/c/33e8f24b52d2796b8cfb28c19a1a7dd6476323a8 (nvd, Patch)
- git.kernel.org/stable/c/4290e34fb87ae556b12c216efd0ae91583446b7a (nvd, Patch)
- git.kernel.org/stable/c/4734255ef39b416864139dcda96a387fe5f33a6a (nvd, Patch)
- git.kernel.org/stable/c/da2124719f386b6e5d4d4b1a2e67c440e4d5892f (nvd, Patch)
- git.kernel.org/stable/c/f4f5bd9251a4cbe55aaa05725c6c3c32ad1f74b3 (nvd, Patch)
- lists.debian.org/debian-lts-announce/2025/10/msg00008.html (nvd, Third Party Advisory)
- cert-portal.siemens.com/productcert/html/ssa-032379.html (nvd)
News mentions
- Siemens SIMATIC (CISA ICS Advisories)