CVE-2025-38627

EPSS 0.03%
Veröffentlicht 22.08.2025 16:00:35
Zuletzt bearbeitet 22.08.2025 18:08:51
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic

The decompress_io_ctx may be released asynchronously after
I/O completion. If this file is deleted immediately after read,
and the kworker of processing post_read_wq has not been executed yet
due to high workloads, It is possible that the inode(f2fs_inode_info)
is evicted and freed before it is used f2fs_free_dic.

    The UAF case as below:
    Thread A                                      Thread B
    - f2fs_decompress_end_io
     - f2fs_put_dic
      - queue_work
        add free_dic work to post_read_wq
                                                   - do_unlink
                                                    - iput
                                                     - evict
                                                      - call_rcu
    This file is deleted after read.

    Thread C                                 kworker to process post_read_wq
    - rcu_do_batch
     - f2fs_free_inode
      - kmem_cache_free
     inode is freed by rcu
                                             - process_scheduled_works
                                              - f2fs_late_free_dic
                                               - f2fs_free_dic
                                                - f2fs_release_decomp_mem
                                      read (dic->inode)->i_compress_algorithm

This patch store compress_algorithm and sbi in dic to avoid inode UAF.

In addition, the previous solution is deprecated in [1] may cause system hang.
[1] https://lore.kernel.org/all/c36ab955-c8db-4a8b-a9d0-f07b5f426c3f@kernel.org

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 8fae5b6addd5f6895e03797b56e3c7b9f9cd15c9

Version bff139b49d9f70c1ac5384aac94554846aa834de

Status affected

Version < 39868685c2a94a70762bc6d77dc81d781d05bff5

Version bff139b49d9f70c1ac5384aac94554846aa834de

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.0

Status affected

Version < 6.0

Version 0

Status unaffected

Version <= 6.16.*

Version 6.16.1

Status unaffected

Version <= *

Version 6.17-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.057

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/8fae5b6addd5f6895e03797b56e3c7b9f9cd15c9

https://git.kernel.org/stable/c/39868685c2a94a70762bc6d77dc81d781d05bff5

https://nvd.nist.gov/vuln/detail/CVE-2025-38627

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38627

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38627

EUVD