Linux Kernel Vulnerability in EROFS File I/O Mechanism
CVE-2025-37999
What is CVE-2025-37999?
A vulnerability exists in the EROFS file I/O mechanism within the Linux kernel, where the improper sequencing of function calls can lead to a locking issue. Specifically, when the bio_add_folio() function fails, the erofs_onlinefolio_split() should not be called until after a successful I/O request submission. This flaw, introduced by a prior commit, could allow for a permanent lock on folios, thereby impeding system performance and stability. The issue has become more pronounced following recent changes that reduced the capacity for folio handling, making it easier to exploit through user-space readahead commands.
Affected Version(s)
Linux ce63cb62d794c98c7631c2296fa845f2a8d0a4a1 < 61e0fc3312309867e5a3495329dad0286d2a5703
Linux ce63cb62d794c98c7631c2296fa845f2a8d0a4a1
Linux ce63cb62d794c98c7631c2296fa845f2a8d0a4a1