
CVE-2025-68264

In the Linux kernel, the following vulnerability has been resolved:

ext4: refresh inline data size before write operations

The cached ei->i_inline_size can become stale between the initial size
check and when ext4_update_inline_data()/ext4_create_inline_data() use
it. Although ext4_get_max_inline_size() reads the correct value at the
time of the check, concurrent xattr operations can modify i_inline_size
before ext4_write_lock_xattr() is acquired.

This causes ext4_update_inline_data() and ext4_create_inline_data() to
work with stale capacity values, leading to a BUG_ON() crash in
ext4_write_inline_data():

  kernel BUG at fs/ext4/inline.c:1331!
  BUG_ON(pos + len > EXT4_I(inode)->i_inline_size);

The race window:
1. ext4_get_max_inline_size() reads i_inline_size = 60 (correct)
2. Size check passes for 50-byte write
3. [Another thread adds xattr, i_inline_size changes to 40]
4. ext4_write_lock_xattr() acquires lock
5. ext4_update_inline_data() uses stale i_inline_size = 60
6. Attempts to write 50 bytes but only 40 bytes actually available
7. BUG_ON() triggers

Fix this by recalculating i_inline_size via ext4_find_inline_data_nolock()
immediately after acquiring xattr_sem. This ensures ext4_update_inline_data()
and ext4_create_inline_data() work with current values that are protected
from concurrent modifications.

This is similar to commit a54c4613dac1 ("ext4: fix race writing to an
inline_data file while its xattrs are changing") which fixed i_inline_off
staleness. This patch addresses the related i_inline_size staleness issue.
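
The race window listed above can be replayed deterministically in a small userspace model. This is an added example, not kernel code and not part of the patch; the struct, the function names, the MODEL_BUG value and the -ENOSPC return on the refreshed path are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>

#define MODEL_BUG (-1000)   /* hypothetical marker: where the kernel hits BUG_ON() */

struct model_inode {
    int xattr_locked;       /* stands in for xattr_sem */
    size_t inline_size;     /* stands in for i_inline_size */
};
typedef void (*race_hook)(struct model_inode *);

/* Step 3: a concurrent xattr add shrinks inline capacity to 40. */
static void xattr_add(struct model_inode *in) {
    if (!in->xattr_locked)  /* only possible while the writer lacks the lock */
        in->inline_size = 40;
}

/* Final write, guarded by the same bound the BUG_ON() enforces. */
static int write_inline(const struct model_inode *in, size_t pos, size_t len) {
    return pos + len > in->inline_size ? MODEL_BUG : (int)len;
}

/* Racy ordering: capacity is checked before the lock and never re-checked. */
static int write_stale(struct model_inode *in, size_t len, race_hook other) {
    size_t cap = in->inline_size;               /* steps 1-2 */
    if (len > cap) return -ENOSPC;
    if (other) other(in);                       /* step 3 */
    in->xattr_locked = 1;                       /* step 4 */
    int ret = write_inline(in, 0, len);         /* steps 5-7 */
    in->xattr_locked = 0;
    return ret;
}

/* Fixed ordering: capacity is re-read and re-checked under the lock. */
static int write_refreshed(struct model_inode *in, size_t len, race_hook other) {
    if (len > in->inline_size) return -ENOSPC;  /* early check is only advisory */
    if (other) other(in);                       /* same race window */
    in->xattr_locked = 1;
    size_t cap = in->inline_size;               /* refreshed while protected */
    int ret = len > cap ? -ENOSPC : write_inline(in, 0, len);
    in->xattr_locked = 0;
    return ret;
}

int main(void) {
    struct model_inode a = {0, 60}, b = {0, 60};
    int stale = write_stale(&a, 50, xattr_add);
    int fixed = write_refreshed(&b, 50, xattr_add);
    return !(stale == MODEL_BUG && fixed == -ENOSPC);
}
```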

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).

Vendor: Linux
Product: Linux
Default status: affected

From version   Up to        Status
3.8            -            affected
0              < 3.8        unaffected
5.10.248       <= 5.10.*    unaffected
5.15.198       <= 5.15.*    unaffected
6.1.160        <= 6.1.*     unaffected
6.6.120        <= 6.6.*     unaffected
6.12.62        <= 6.12.*    unaffected
6.17.12        <= 6.17.*    unaffected
6.18.1         <= 6.18.*    unaffected
6.19-rc1       <= *         unaffected

No CISA KEV or CERT.AT warning was found for this CVE.

EPSS metrics
Type   Source      Score   Percentile
EPSS   FIRST.org   0.04%   0.098

CVSS metrics
Source   Base Score   Exploit Score   Impact Score   Vector String

No information on CWE has been published yet.