CVE-2025-38580

EPSS 0.02%
Veröffentlicht 19.08.2025 17:15:35
Zuletzt bearbeitet 20.08.2025 14:40:17
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix inode use after free in ext4_end_io_rsv_work()

In ext4_io_end_defer_completion(), check if io_end->list_vec is empty to
avoid adding an io_end that requires no conversion to the
i_rsv_conversion_list, which in turn prevents starting an unnecessary
worker. An ext4_emergency_state() check is also added to avoid attempting
to abort the journal in an emergency state.

Additionally, ext4_put_io_end_defer() is refactored to call
ext4_io_end_defer_completion() directly instead of being open-coded.
This also prevents starting an unnecessary worker when EXT4_IO_END_FAILED
is set but data_err=abort is not enabled.

This ensures that the check in ext4_put_io_end_defer() is consistent with
the check in ext4_end_bio(). Otherwise, we might add an io_end to the
i_rsv_conversion_list and then call ext4_finish_bio(), after which the
inode could be freed before ext4_end_io_rsv_work() is called, triggering
a use-after-free issue.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < ac999862b98a0f49e858e509f776be51406f1e77

Version ce51afb8cc5e1867ea0dfdf5e92ddbe31a1fad5d

Status affected

Version < 469c44e66e2110054949609dde095788320139d0

Version ce51afb8cc5e1867ea0dfdf5e92ddbe31a1fad5d

Status affected

Version < c678bdc998754589cea2e6afab9401d7d8312ac4

Version ce51afb8cc5e1867ea0dfdf5e92ddbe31a1fad5d

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.15

Status affected

Version < 6.15

Version 0

Status unaffected

Version <= 6.15.*

Version 6.15.10

Status unaffected

Version <= 6.16.*

Version 6.16.1

Status unaffected

Version <= *

Version 6.17-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.049

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/469c44e66e2110054949609dde095788320139d0

https://git.kernel.org/stable/c/ac999862b98a0f49e858e509f776be51406f1e77

https://git.kernel.org/stable/c/c678bdc998754589cea2e6afab9401d7d8312ac4

https://nvd.nist.gov/vuln/detail/CVE-2025-38580

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38580

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38580

EUVD