Race Condition Vulnerability in Linux Kernel nilfs2 Product by Linux Community
CVE-2025-21811
Summary
A race condition in the nilfs2 file system implementation of the Linux kernel may lead to unsafe memory access when operations run asynchronously. Specifically, when the file system transitions to a read-only state, the nilfs_lookup_dirty_data_buffers function can encounter buffers that have lost their protection status. This may occur if nilfs_clear_folio_dirty is invoked at the same time, and it can result in a use-after-free because the buffers could be inadvertently freed. To mitigate this risk, the locking in the related functions was improved so that access to the buffers remains safely synchronized.
Affected Version(s)
Linux 8c26c4e2694a163d525976e804d81cd955bbb40c < 58c27fa7a610b6e8d44e6220e7dbddfbaccaf439
Linux 8c26c4e2694a163d525976e804d81cd955bbb40c < 8e1b9201c9a24638cf09c6e1c9f224157328010b
Linux 8c26c4e2694a163d525976e804d81cd955bbb40c < 4b08d23d7d1917bef4fbee8ad81372f49b006656