CVE-2025-22036

Severity CVSS v4.0:
Pending analysis
Type:
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
16/04/2025
Last modified:
01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

exfat: fix random stack corruption after get_block

When get_block is called with a buffer_head allocated on the stack, such
as do_mpage_readpage, stack corruption due to buffer_head UAF may occur in
the following race condition situation.

mpage_read_folio
  do_mpage_readpage
    exfat_get_block
      bh_read
        __bh_read
          get_bh(bh)
          submit_bh
          wait_on_buffer
          ...
                                    end_buffer_read_sync
                                      __end_buffer_read_notouch
                                        unlock_buffer
          ...
          ...
          ...
          ...
  .
  .
  another_function
                                        put_bh(bh)
                                          atomic_dec(bh->b_count)
                                          * stack corruption here *

This patch returns -EAGAIN if a folio does not have buffers when bh_read
needs to be called. By doing this, the caller can fall back to functions
like block_read_full_folio(), create a buffer_head in the folio, and then
call get_block again.

Let's not call bh_read() with on-stack buffer_head.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.8 (including) 6.12.23 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.13.11 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.14 (including) 6.14.2 (excluding)