CVE-2025-38580

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ext4: fix inode use after free in ext4_end_io_rsv_work()<br /> <br /> In ext4_io_end_defer_completion(), check if io_end-&gt;list_vec is empty to<br /> avoid adding an io_end that requires no conversion to the<br /> i_rsv_conversion_list, which in turn prevents starting an unnecessary<br /> worker. An ext4_emergency_state() check is also added to avoid attempting<br /> to abort the journal in an emergency state.<br /> <br /> Additionally, ext4_put_io_end_defer() is refactored to call<br /> ext4_io_end_defer_completion() directly instead of being open-coded.<br /> This also prevents starting an unnecessary worker when EXT4_IO_END_FAILED<br /> is set but data_err=abort is not enabled.<br /> <br /> This ensures that the check in ext4_put_io_end_defer() is consistent with<br /> the check in ext4_end_bio(). Otherwise, we might add an io_end to the<br /> i_rsv_conversion_list and then call ext4_finish_bio(), after which the<br /> inode could be freed before ext4_end_io_rsv_work() is called, triggering<br /> a use-after-free issue.