Instituto Nacional de Ciberseguridad (INCIBE). INCIBE-CERT section

CVE-2025-40233

Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
04/12/2025
Last modified:
04/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: clear extent cache after moving/defragmenting extents

The extent map cache can become stale when extents are moved or defragmented, causing subsequent operations to see outdated extent flags. This triggers a BUG_ON in ocfs2_refcount_cal_cow_clusters().

The problem occurs when:
1. copy_file_range() creates a reflinked extent with OCFS2_EXT_REFCOUNTED
2. ioctl(FITRIM) triggers ocfs2_move_extents()
3. __ocfs2_move_extents_range() reads and caches the extent (flags=0x2)
4. ocfs2_move_extent()/ocfs2_defrag_extent() calls __ocfs2_move_extent() which clears OCFS2_EXT_REFCOUNTED flag on disk (flags=0x0)
5. The extent map cache is not invalidated after the move
6. Later write() operations read stale cached flags (0x2) but disk has updated flags (0x0), causing a mismatch
7. BUG_ON(!(rec->e_flags & OCFS2_EXT_REFCOUNTED)) triggers

Fix by clearing the extent map cache after each extent move/defrag operation in __ocfs2_move_extents_range(). This ensures subsequent operations read fresh extent data from disk.
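The sequence above, reduced to a user-space C model as an added example (it is not kernel code and not part of the advisory or the upstream fix). It shows the same move operation with and without cache invalidation; every name other than OCFS2_EXT_REFCOUNTED is hypothetical, and the model assumes one extent per inode.

```c
/* Constructed user-space model of the stale extent map cache; not kernel code.
 * Every name except OCFS2_EXT_REFCOUNTED is hypothetical. */
#include <stdbool.h>
#include <stdint.h>

#define OCFS2_EXT_REFCOUNTED 0x02 /* flags=0x2 in the description */

struct model_inode {
    uint8_t disk_flags;   /* extent record flags as stored on disk */
    uint8_t cached_flags; /* copy held in the extent map cache */
    bool cache_valid;
};

/* Lookup: serve from the cache when valid, else read disk and fill the cache. */
static uint8_t model_get_flags(struct model_inode *in)
{
    if (!in->cache_valid) {
        in->cached_flags = in->disk_flags;
        in->cache_valid = true;
    }
    return in->cached_flags;
}

/* Steps 3-5. invalidate=true drops the cache after the move, as the fix does. */
static void model_move_extent(struct model_inode *in, bool invalidate)
{
    (void)model_get_flags(in);                        /* step 3: caches 0x2 */
    in->disk_flags &= (uint8_t)~OCFS2_EXT_REFCOUNTED; /* step 4: disk is 0x0 */
    if (invalidate)
        in->cache_valid = false;
}

/* Steps 6-7: true when the lookup reports REFCOUNTED but the record does not,
 * the state in which BUG_ON(!(rec->e_flags & OCFS2_EXT_REFCOUNTED)) fires. */
static bool model_write_hits_bug(struct model_inode *in)
{
    bool lookup_refcounted = model_get_flags(in) & OCFS2_EXT_REFCOUNTED;
    bool record_refcounted = in->disk_flags & OCFS2_EXT_REFCOUNTED;
    return lookup_refcounted && !record_refcounted;
}

/* Runs steps 1-7 once and reports whether the mismatch is reached. */
bool model_scenario(bool invalidate)
{
    struct model_inode in = { .disk_flags = OCFS2_EXT_REFCOUNTED }; /* step 1 */
    model_move_extent(&in, invalidate);
    return model_write_hits_bug(&in);
}

int main(void) { return (model_scenario(false) && !model_scenario(true)) ? 0 : 1; }
```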

Impact