CVE-2025-21811: nilfs2: protect access to buffers with no active references
First published: Thu Feb 27 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect access to buffers with no active references nilfs_lookup_dirty_data_buffers(), which iterates through the buffers attached to dirty data folios/pages, accesses the attached buffers without locking the folios/pages. For data cache, nilfs_clear_folio_dirty() may be called asynchronously when the file system degenerates to read only, so nilfs_lookup_dirty_data_buffers() still has the potential to cause use after free issues when buffers lose the protection of their dirty state midway due to this asynchronous clearing and are unintentionally freed by try_to_free_buffers(). Eliminate this race issue by adjusting the lock section in this function.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Linux Kernel | >=3.10<5.4.291 | |
| Linux Kernel | >=5.5<5.10.235 | |
| Linux Kernel | >=5.11<5.15.179 | |
| Linux Kernel | >=5.16<6.1.129 | |
| Linux Kernel | >=6.2<6.6.76 | |
| Linux Kernel | >=6.7<6.12.13 | |
| Linux Kernel | >=6.13<6.13.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/367a9bffabe08c04f6d725032cce3d891b2b9e1a
- https://git.kernel.org/stable/c/4b08d23d7d1917bef4fbee8ad81372f49b006656
- https://git.kernel.org/stable/c/58c27fa7a610b6e8d44e6220e7dbddfbaccaf439
- https://git.kernel.org/stable/c/8e1b9201c9a24638cf09c6e1c9f224157328010b
- https://git.kernel.org/stable/c/c437dfac9f7a5a46ac2a5e6d6acd3059e9f68188
- https://git.kernel.org/stable/c/e1fc4a90a90ea8514246c45435662531975937d9
- https://git.kernel.org/stable/c/72cf688d0ce7e642b12ddc9b2a42524737ec1b4a
- https://git.kernel.org/stable/c/d8ff250e085a4c4cdda4ad1cdd234ed110393143
Frequently Asked Questions
What is the severity of CVE-2025-21811?
CVE-2025-21811 has been classified with a severity level that highlights its potential risk to system stability and data integrity.
How do I fix CVE-2025-21811?
To fix CVE-2025-21811, update your Linux kernel to a version that includes the applicable patches for this vulnerability.
What is the impact of CVE-2025-21811 on Linux kernel users?
The impact of CVE-2025-21811 on Linux kernel users involves possible data corruption due to improper access to buffers without sufficient locking.
Which versions of the Linux kernel are affected by CVE-2025-21811?
CVE-2025-21811 affects certain versions of the Linux kernel prior to the implementation of protective measures in the released patches.
Is there a workaround for CVE-2025-21811 until a fix is applied?
Currently, no specific workaround is recommended for CVE-2025-21811 until an official fix has been implemented.
- agent/title
- agent/author
- agent/source
- agent/description
- agent/first-publish-date
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/references
- collector/nvd-api
- source/NVD
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/linux
- canonical/linux kernel
- version/linux kernel/3.10
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.13