Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2025-21908

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/04/2025
Last modified:
15/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback<br /> <br /> Add PF_KCOMPACTD flag and current_is_kcompactd() helper to check for it so<br /> nfs_release_folio() can skip calling nfs_wb_folio() from kcompactd.<br /> <br /> Otherwise NFS can deadlock waiting for kcompactd enduced writeback which<br /> recurses back to NFS (which triggers writeback to NFSD via NFS loopback<br /> mount on the same host, NFSD blocks waiting for XFS&amp;#39;s call to<br /> __filemap_get_folio):<br /> <br /> 6070.550357] INFO: task kcompactd0:58 blocked for more than 4435 seconds.<br /> <br /> {---<br /> [58] "kcompactd0"<br /> [] folio_wait_bit+0xe8/0x200<br /> [] folio_wait_writeback+0x2b/0x80<br /> [] nfs_wb_folio+0x80/0x1b0 [nfs]<br /> [] nfs_release_folio+0x68/0x130 [nfs]<br /> [] split_huge_page_to_list_to_order+0x362/0x840<br /> [] migrate_pages_batch+0x43d/0xb90<br /> [] migrate_pages_sync+0x9a/0x240<br /> [] migrate_pages+0x93c/0x9f0<br /> [] compact_zone+0x8e2/0x1030<br /> [] compact_node+0xdb/0x120<br /> [] kcompactd+0x121/0x2e0<br /> [] kthread+0xcf/0x100<br /> [] ret_from_fork+0x31/0x40<br /> [] ret_from_fork_asm+0x1a/0x30<br /> ---}<br /> <br /> [akpm@linux-foundation.org: fix build]

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.3 (including) 6.6.83 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.12.19 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.13.7 (excluding)
cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools