2348887 – (CVE-2025-21811) CVE-2025-21811 kernel: nilfs2: protect access to buffers with no active references

Bug 2348887 (CVE-2025-21811) - CVE-2025-21811 kernel: nilfs2: protect access to buffers with no active references

Summary: CVE-2025-21811 kernel: nilfs2: protect access to buffers with no active refer...

Keywords:
Status:	NEW
Alias:	CVE-2025-21811
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-02-27 21:02 UTC by OSIDB Bzimport
Modified:	2025-02-28 06:42 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-02-27 21:02:00 UTC

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: protect access to buffers with no active references

nilfs_lookup_dirty_data_buffers(), which iterates through the buffers
attached to dirty data folios/pages, accesses the attached buffers without
locking the folios/pages.

For data cache, nilfs_clear_folio_dirty() may be called asynchronously
when the file system degenerates to read only, so
nilfs_lookup_dirty_data_buffers() still has the potential to cause use
after free issues when buffers lose the protection of their dirty state
midway due to this asynchronous clearing and are unintentionally freed by
try_to_free_buffers().

Eliminate this race issue by adjusting the lock section in this function.

Comment 1 Avinash Hanwate 2025-02-28 06:37:32 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022754-CVE-2025-21811-beb7@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.