CVE-2025-68337

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted<br /> <br /> There&amp;#39;s issue when file system corrupted:<br /> ------------[ cut here ]------------<br /> kernel BUG at fs/jbd2/transaction.c:1289!<br /> Oops: invalid opcode: 0000 [#1] SMP KASAN PTI<br /> CPU: 5 UID: 0 PID: 2031 Comm: mkdir Not tainted 6.18.0-rc1-next<br /> RIP: 0010:jbd2_journal_get_create_access+0x3b6/0x4d0<br /> RSP: 0018:ffff888117aafa30 EFLAGS: 00010202<br /> RAX: 0000000000000000 RBX: ffff88811a86b000 RCX: ffffffff89a63534<br /> RDX: 1ffff110200ec602 RSI: 0000000000000004 RDI: ffff888100763010<br /> RBP: ffff888100763000 R08: 0000000000000001 R09: ffff888100763028<br /> R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000<br /> R13: ffff88812c432000 R14: ffff88812c608000 R15: ffff888120bfc000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 00007f91d6970c99 CR3: 00000001159c4000 CR4: 00000000000006f0<br /> Call Trace:<br /> <br /> __ext4_journal_get_create_access+0x42/0x170<br /> ext4_getblk+0x319/0x6f0<br /> ext4_bread+0x11/0x100<br /> ext4_append+0x1e6/0x4a0<br /> ext4_init_new_dir+0x145/0x1d0<br /> ext4_mkdir+0x326/0x920<br /> vfs_mkdir+0x45c/0x740<br /> do_mkdirat+0x234/0x2f0<br /> __x64_sys_mkdir+0xd6/0x120<br /> do_syscall_64+0x5f/0xfa0<br /> entry_SYSCALL_64_after_hwframe+0x76/0x7e<br /> <br /> The above issue occurs with us in errors=continue mode when accompanied by<br /> storage failures. There have been many inconsistencies in the file system<br /> data.<br /> In the case of file system data inconsistency, for example, if the block<br /> bitmap of a referenced block is not set, it can lead to the situation where<br /> a block being committed is allocated and used again. As a result, the<br /> following condition will not be satisfied then trigger BUG_ON. Of course,<br /> it is entirely possible to construct a problematic image that can trigger<br /> this BUG_ON through specific operations. In fact, I have constructed such<br /> an image and easily reproduced this issue.<br /> Therefore, J_ASSERT() holds true only under ideal conditions, but it may<br /> not necessarily be satisfied in exceptional scenarios. Using J_ASSERT()<br /> directly in abnormal situations would cause the system to crash, which is<br /> clearly not what we want. So here we directly trigger a JBD abort instead<br /> of immediately invoking BUG_ON.