Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2025-22127

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/04/2025
Last modified:
03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> f2fs: fix potential deadloop in prepare_compress_overwrite()<br /> <br /> Jan Prusakowski reported a kernel hang issue as below:<br /> <br /> When running xfstests on linux-next kernel (6.14.0-rc3, 6.12) I<br /> encountered a problem in generic/475 test where fsstress process<br /> gets blocked in __f2fs_write_data_pages() and the test hangs.<br /> The options I used are:<br /> <br /> MKFS_OPTIONS -- -O compression -O extra_attr -O project_quota -O quota /dev/vdc<br /> MOUNT_OPTIONS -- -o acl,user_xattr -o discard,compress_extension=* /dev/vdc /vdc<br /> <br /> INFO: task kworker/u8:0:11 blocked for more than 122 seconds.<br /> Not tainted 6.14.0-rc3-xfstests-lockdep #1<br /> "echo 0 &gt; /proc/sys/kernel/hung_task_timeout_secs" disables this message.<br /> task:kworker/u8:0 state:D stack:0 pid:11 tgid:11 ppid:2 task_flags:0x4208160 flags:0x00004000<br /> Workqueue: writeback wb_workfn (flush-253:0)<br /> Call Trace:<br /> <br /> __schedule+0x309/0x8e0<br /> schedule+0x3a/0x100<br /> schedule_preempt_disabled+0x15/0x30<br /> __mutex_lock+0x59a/0xdb0<br /> __f2fs_write_data_pages+0x3ac/0x400<br /> do_writepages+0xe8/0x290<br /> __writeback_single_inode+0x5c/0x360<br /> writeback_sb_inodes+0x22f/0x570<br /> wb_writeback+0xb0/0x410<br /> wb_do_writeback+0x47/0x2f0<br /> wb_workfn+0x5a/0x1c0<br /> process_one_work+0x223/0x5b0<br /> worker_thread+0x1d5/0x3c0<br /> kthread+0xfd/0x230<br /> ret_from_fork+0x31/0x50<br /> ret_from_fork_asm+0x1a/0x30<br /> <br /> <br /> The root cause is: once generic/475 starts toload error table to dm<br /> device, f2fs_prepare_compress_overwrite() will loop reading compressed<br /> cluster pages due to IO error, meanwhile it has held .writepages lock,<br /> it can block all other writeback tasks.<br /> <br /> Let&amp;#39;s fix this issue w/ below changes:<br /> - add f2fs_handle_page_eio() in prepare_compress_overwrite() to<br /> detect IO error.<br /> - detect cp_error earler in f2fs_read_multi_pages().

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.6 (including) 6.14.2 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools