CVE-2025-68356

EPSS 0.03%
Veröffentlicht 24.12.2025 10:32:46
Zuletzt bearbeitet 29.12.2025 15:58:56
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

gfs2: Prevent recursive memory reclaim

Function new_inode() returns a new inode with inode->i_mapping->gfp_mask
set to GFP_HIGHUSER_MOVABLE.  This value includes the __GFP_FS flag, so
allocations in that address space can recurse into filesystem memory
reclaim.  We don't want that to happen because it can consume a
significant amount of stack memory.

Worse than that is that it can also deadlock: for example, in several
places, gfs2_unstuff_dinode() is called inside filesystem transactions.
This calls filemap_grab_folio(), which can allocate a new folio, which
can trigger memory reclaim.  If memory reclaim recurses into the
filesystem and starts another transaction, a deadlock will ensue.

To fix these kinds of problems, prevent memory reclaim from recursing
into filesystem code by making sure that the gfp_mask of inode address
spaces doesn't include __GFP_FS.

The "meta" and resource group address spaces were already using GFP_NOFS
as their gfp_mask (which doesn't include __GFP_FS).  The default value
of GFP_HIGHUSER_MOVABLE is less restrictive than GFP_NOFS, though.  To
avoid being overly limiting, use the default value and only knock off
the __GFP_FS flag.  I'm not sure if this will actually make a
difference, but it also shouldn't hurt.

This patch is loosely based on commit ad22c7a043c2 ("xfs: prevent stack
overflows from page cache allocation").

Fixes xfstest generic/273.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < edb2b255618621dc83d0ec23150e16b2c697077f

Version dc0b9435238c1a68150c798c9c7a1b5d7414cbb9

Status affected

Version < 9c0960ed112398bdb6c60ccf6e6b583bc59acede

Version dc0b9435238c1a68150c798c9c7a1b5d7414cbb9

Status affected

Version < 49e7347f4644d031306d56cb4d51e467cbdcbc69

Version dc0b9435238c1a68150c798c9c7a1b5d7414cbb9

Status affected

Version < 2c5f4a53476e3cab70adc77b38942c066bd2c17c

Version dc0b9435238c1a68150c798c9c7a1b5d7414cbb9

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.6

Status affected

Version < 6.6

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.63

Status unaffected

Version <= 6.17.*

Version 6.17.13

Status unaffected

Version <= 6.18.*

Version 6.18.2

Status unaffected

Version <= *

Version 6.19-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.064

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/edb2b255618621dc83d0ec23150e16b2c697077f

https://git.kernel.org/stable/c/9c0960ed112398bdb6c60ccf6e6b583bc59acede

https://git.kernel.org/stable/c/49e7347f4644d031306d56cb4d51e467cbdcbc69

https://git.kernel.org/stable/c/2c5f4a53476e3cab70adc77b38942c066bd2c17c

https://nvd.nist.gov/vuln/detail/CVE-2025-68356

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68356

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68356

EUVD