{"vulnerability": "CVE-2025-37827", "sightings": [{"uuid": "c544b0b3-ae46-4d5e-93fd-9b82f683ae0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37827", "type": "seen", "source": "https://t.me/cvedetector/24807", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37827 - Here is a title for the vulnerability: \"btrfs: RAID1 Profile Write Pointer Offset Mismatch NULL Pointer Dereference\"\", \n  \"Content\": \"CVE ID : CVE-2025-37827 \nPublished : May 8, 2025, 7:15 a.m. | 2\u00a0hours, 2\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nbtrfs: zoned: return EIO on RAID1 block group write pointer mismatch  \n  \nThere was a bug report about a NULL pointer dereference in  \n__btrfs_add_free_space_zoned() that ultimately happens because a  \nconversion from the default metadata profile DUP to a RAID1 profile on two  \ndisks.  \n  \nThe stack trace has the following signature:  \n  \n  BTRFS error (device sdc): zoned: write pointer offset mismatch of zones in raid1 profile  \n  BUG: kernel NULL pointer dereference, address: 0000000000000058  \n  #PF: supervisor read access in kernel mode  \n  #PF: error_code(0x0000) - not-present page  \n  PGD 0 P4D 0  \n  Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI  \n  RIP: 0010:__btrfs_add_free_space_zoned.isra.0+0x61/0x1a0  \n  RSP: 0018:ffffa236b6f3f6d0 EFLAGS: 00010246  \n  RAX: 0000000000000000 RBX: ffff96c8132f3400 RCX: 0000000000000001  \n  RDX: 0000000010000000 RSI: 0000000000000000 RDI: ffff96c8132f3410  \n  RBP: 0000000010000000 R08: 0000000000000003 R09: 0000000000000000  \n  R10: 0000000000000000 R11: 00000000ffffffff R12: 0000000000000000  \n  R13: ffff96c758f65a40 R14: 0000000000000001 R15: 000011aac0000000  \n  FS: 00007fdab1cb2900(0000) GS:ffff96e60ca00000(0000) knlGS:0000000000000000  \n  CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033  \n  CR2: 0000000000000058 CR3: 00000001a05ae000 CR4: 0000000000350ef0  \n  Call Trace:  \n    \n  ? __die_body.cold+0x19/0x27  \n  ? page_fault_oops+0x15c/0x2f0  \n  ? exc_page_fault+0x7e/0x180  \n  ? asm_exc_page_fault+0x26/0x30  \n  ? __btrfs_add_free_space_zoned.isra.0+0x61/0x1a0  \n  btrfs_add_free_space_async_trimmed+0x34/0x40  \n  btrfs_add_new_free_space+0x107/0x120  \n  btrfs_make_block_group+0x104/0x2b0  \n  btrfs_create_chunk+0x977/0xf20  \n  btrfs_chunk_alloc+0x174/0x510  \n  ? srso_return_thunk+0x5/0x5f  \n  btrfs_inc_block_group_ro+0x1b1/0x230  \n  btrfs_relocate_block_group+0x9e/0x410  \n  btrfs_relocate_chunk+0x3f/0x130  \n  btrfs_balance+0x8ac/0x12b0  \n  ? srso_return_thunk+0x5/0x5f  \n  ? srso_return_thunk+0x5/0x5f  \n  ? __kmalloc_cache_noprof+0x14c/0x3e0  \n  btrfs_ioctl+0x2686/0x2a80  \n  ? srso_return_thunk+0x5/0x5f  \n  ? ioctl_has_perm.constprop.0.isra.0+0xd2/0x120  \n  __x64_sys_ioctl+0x97/0xc0  \n  do_syscall_64+0x82/0x160  \n  ? srso_return_thunk+0x5/0x5f  \n  ? __memcg_slab_free_hook+0x11a/0x170  \n  ? srso_return_thunk+0x5/0x5f  \n  ? kmem_cache_free+0x3f0/0x450  \n  ? srso_return_thunk+0x5/0x5f  \n  ? srso_return_thunk+0x5/0x5f  \n  ? syscall_exit_to_user_mode+0x10/0x210  \n  ? srso_return_thunk+0x5/0x5f  \n  ? do_syscall_64+0x8e/0x160  \n  ? sysfs_emit+0xaf/0xc0  \n  ? srso_return_thunk+0x5/0x5f  \n  ? srso_return_thunk+0x5/0x5f  \n  ? seq_read_iter+0x207/0x460  \n  ? srso_return_thunk+0x5/0x5f  \n  ? vfs_read+0x29c/0x370  \n  ? srso_return_thunk+0x5/0x5f  \n  ? srso_return_thunk+0x5/0x5f  \n  ? syscall_exit_to_user_mode+0x10/0x210  \n  ? srso_return_thunk+0x5/0x5f  \n  ? do_syscall_64+0x8e/0x160  \n  ? srso_return_thunk+0x5/0x5f  \n  ? exc_page_fault+0x7e/0x180  \n  entry_SYSCALL_64_after_hwframe+0x76/0x7e  \n  RIP: 0033:0x7fdab1e0ca6d  \n  RSP: 002b:00007ffeb2b60c80 EFLAGS: 00000246 ORIG_RAX: 0000000000000010  \n  RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fdab1e0ca6d  \n  RDX: 00007ffeb2b60d80 RSI: 00000000c4009420 RDI: 0000000000000003  \n  RBP: 00007ffeb2b60cd0 R08: 0000000000000000 R09: 0000000000000013  \n  R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000  \n  R13: 00007ffeb2b6343b R14: 00007ffeb2b60d80 R15: 0000000000000001  \n    \n  CR2: 0000000000000058  \n  ---[ end trace 0000000000000000 ]---  \n  \nThe 1st line is the most interesting here:  \n  \n BTRFS error (device sdc): zoned: write pointer offset mismatch of zones in raid1 profile  \n  \nWhen a RAID1 block-group is created and a writ[...]", "creation_timestamp": "2025-05-08T11:45:07.000000Z"}, {"uuid": "2aef7889-160f-4f43-b038-9ef4b36251ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37827", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lonebx2sjxj2", "content": "", "creation_timestamp": "2025-05-08T07:11:51.709538Z"}, {"uuid": "b44d4e3d-a4fb-46a7-b531-5dbcadecb2bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37827", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3loniqrqh2h2h", "content": "", "creation_timestamp": "2025-05-08T08:31:40.154806Z"}]}