-

CVE-2025-39731

In the Linux kernel, the following vulnerability has been resolved:

f2fs: vm_unmap_ram() may be called from an invalid context

When testing F2FS with xfstests using UFS backed virtual disks the
kernel complains sometimes that f2fs_release_decomp_mem() calls
vm_unmap_ram() from an invalid context. Example trace from
f2fs/007 test:

f2fs/007 5s ...  [12:59:38][    8.902525] run fstests f2fs/007
[   11.468026] BUG: sleeping function called from invalid context at mm/vmalloc.c:2978
[   11.471849] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 68, name: irq/22-ufshcd
[   11.475357] preempt_count: 1, expected: 0
[   11.476970] RCU nest depth: 0, expected: 0
[   11.478531] CPU: 0 UID: 0 PID: 68 Comm: irq/22-ufshcd Tainted: G        W           6.16.0-rc5-xfstests-ufs-g40f92e79b0aa #9 PREEMPT(none)
[   11.478535] Tainted: [W]=WARN
[   11.478536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.478537] Call Trace:
[   11.478543]  <TASK>
[   11.478545]  dump_stack_lvl+0x4e/0x70
[   11.478554]  __might_resched.cold+0xaf/0xbe
[   11.478557]  vm_unmap_ram+0x21/0xb0
[   11.478560]  f2fs_release_decomp_mem+0x59/0x80
[   11.478563]  f2fs_free_dic+0x18/0x1a0
[   11.478565]  f2fs_finish_read_bio+0xd7/0x290
[   11.478570]  blk_update_request+0xec/0x3b0
[   11.478574]  ? sbitmap_queue_clear+0x3b/0x60
[   11.478576]  scsi_end_request+0x27/0x1a0
[   11.478582]  scsi_io_completion+0x40/0x300
[   11.478583]  ufshcd_mcq_poll_cqe_lock+0xa3/0xe0
[   11.478588]  ufshcd_sl_intr+0x194/0x1f0
[   11.478592]  ufshcd_threaded_intr+0x68/0xb0
[   11.478594]  ? __pfx_irq_thread_fn+0x10/0x10
[   11.478599]  irq_thread_fn+0x20/0x60
[   11.478602]  ? __pfx_irq_thread_fn+0x10/0x10
[   11.478603]  irq_thread+0xb9/0x180
[   11.478605]  ? __pfx_irq_thread_dtor+0x10/0x10
[   11.478607]  ? __pfx_irq_thread+0x10/0x10
[   11.478609]  kthread+0x10a/0x230
[   11.478614]  ? __pfx_kthread+0x10/0x10
[   11.478615]  ret_from_fork+0x7e/0xd0
[   11.478619]  ? __pfx_kthread+0x10/0x10
[   11.478621]  ret_from_fork_asm+0x1a/0x30
[   11.478623]  </TASK>

This patch modifies in_task() check inside f2fs_read_end_io() to also
check if interrupts are disabled. This ensures that pages are unmapped
asynchronously in an interrupt handler.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
Product Linux
Default Statusunaffected
Version < eb69e69a5ae6c8350957893b5f68bd55b1565fb2
Version bff139b49d9f70c1ac5384aac94554846aa834de
Status affected
Version < 1023836d1b9465593c8746f97d608da32958785f
Version bff139b49d9f70c1ac5384aac94554846aa834de
Status affected
Version < 0fe7976b62546f1e95eebfe9879925e9aa22b7a8
Version bff139b49d9f70c1ac5384aac94554846aa834de
Status affected
Version < 411e00f44e2e1a7fdb526013b25a7f0ed22a0947
Version bff139b49d9f70c1ac5384aac94554846aa834de
Status affected
Version < 18eea36f4f460ead3750ed4afe5496f7ce55f99e
Version bff139b49d9f70c1ac5384aac94554846aa834de
Status affected
Version < 08a7efc5b02a0620ae16aa9584060e980a69cb55
Version bff139b49d9f70c1ac5384aac94554846aa834de
Status affected
VendorLinux
Product Linux
Default Statusaffected
Version 6.0
Status affected
Version < 6.0
Version 0
Status unaffected
Version <= 6.1.*
Version 6.1.148
Status unaffected
Version <= 6.6.*
Version 6.6.102
Status unaffected
Version <= 6.12.*
Version 6.12.42
Status unaffected
Version <= 6.15.*
Version 6.15.10
Status unaffected
Version <= 6.16.*
Version 6.16.1
Status unaffected
Version <= *
Version 6.17-rc1
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.093
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string