cve-2025-37925
Vulnerability from cvelistv5
Published
2025-04-18 07:01
Modified
2025-04-18 07:01
Severity ?
Summary
jfs: reject on-disk inodes of an unsupported type
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8987891c4653874d5e3f5d11f063912f4e0b58ebPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8c3f9a70d2d4dd6c640afe294b05c6a0a45434d9Patch
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/jfs/jfs_imap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8987891c4653874d5e3f5d11f063912f4e0b58eb",
              "status": "affected",
              "version": "79ac5a46c5c1c17476fbf84b4d4600d6d565defd",
              "versionType": "git"
            },
            {
              "lessThan": "8c3f9a70d2d4dd6c640afe294b05c6a0a45434d9",
              "status": "affected",
              "version": "79ac5a46c5c1c17476fbf84b4d4600d6d565defd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/jfs/jfs_imap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.1"
            },
            {
              "lessThan": "3.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: reject on-disk inodes of an unsupported type\n\nSyzbot has reported the following BUG:\n\nkernel BUG at fs/inode.c:668!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 3 UID: 0 PID: 139 Comm: jfsCommit Not tainted 6.12.0-rc4-syzkaller-00085-g4e46774408d9 #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\nRIP: 0010:clear_inode+0x168/0x190\nCode: 4c 89 f7 e8 ba fe e5 ff e9 61 ff ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 7c c1 4c 89 f7 e8 90 ff e5 ff eb b7\n 0b e8 01 5d 7f ff 90 0f 0b e8 f9 5c 7f ff 90 0f 0b e8 f1 5c 7f\nRSP: 0018:ffffc900027dfae8 EFLAGS: 00010093\nRAX: ffffffff82157a87 RBX: 0000000000000001 RCX: ffff888104d4b980\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000\nRBP: ffffc900027dfc90 R08: ffffffff82157977 R09: fffff520004fbf38\nR10: dffffc0000000000 R11: fffff520004fbf38 R12: dffffc0000000000\nR13: ffff88811315bc00 R14: ffff88811315bda8 R15: ffff88811315bb80\nFS:  0000000000000000(0000) GS:ffff888135f00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005565222e0578 CR3: 0000000026ef0000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x5f/0xb0\n ? die+0x9e/0xc0\n ? do_trap+0x15a/0x3a0\n ? clear_inode+0x168/0x190\n ? do_error_trap+0x1dc/0x2c0\n ? clear_inode+0x168/0x190\n ? __pfx_do_error_trap+0x10/0x10\n ? report_bug+0x3cd/0x500\n ? handle_invalid_op+0x34/0x40\n ? clear_inode+0x168/0x190\n ? exc_invalid_op+0x38/0x50\n ? asm_exc_invalid_op+0x1a/0x20\n ? clear_inode+0x57/0x190\n ? clear_inode+0x167/0x190\n ? clear_inode+0x168/0x190\n ? clear_inode+0x167/0x190\n jfs_evict_inode+0xb5/0x440\n ? __pfx_jfs_evict_inode+0x10/0x10\n evict+0x4ea/0x9b0\n ? __pfx_evict+0x10/0x10\n ? iput+0x713/0xa50\n txUpdateMap+0x931/0xb10\n ? __pfx_txUpdateMap+0x10/0x10\n jfs_lazycommit+0x49a/0xb80\n ? _raw_spin_unlock_irqrestore+0x8f/0x140\n ? lockdep_hardirqs_on+0x99/0x150\n ? __pfx_jfs_lazycommit+0x10/0x10\n ? __pfx_default_wake_function+0x10/0x10\n ? __kthread_parkme+0x169/0x1d0\n ? __pfx_jfs_lazycommit+0x10/0x10\n kthread+0x2f2/0x390\n ? __pfx_jfs_lazycommit+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x4d/0x80\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nThis happens when \u0027clear_inode()\u0027 makes an attempt to finalize an underlying\nJFS inode of unknown type. According to JFS layout description from\nhttps://jfs.sourceforge.net/project/pub/jfslayout.pdf, inode types from 5 to\n15 are reserved for future extensions and should not be encountered on a valid\nfilesystem. So add an extra check for valid inode type in \u0027copy_from_dinode()\u0027."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-18T07:01:29.491Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8987891c4653874d5e3f5d11f063912f4e0b58eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c3f9a70d2d4dd6c640afe294b05c6a0a45434d9"
        }
      ],
      "title": "jfs: reject on-disk inodes of an unsupported type",
      "x_generator": {
        "engine": "bippy-1.0.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-37925",
    "datePublished": "2025-04-18T07:01:29.491Z",
    "dateReserved": "2025-04-16T04:51:23.969Z",
    "dateUpdated": "2025-04-18T07:01:29.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-37925\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-04-18T07:15:43.090\",\"lastModified\":\"2025-04-29T16:44:08.020\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\njfs: reject on-disk inodes of an unsupported type\\n\\nSyzbot has reported the following BUG:\\n\\nkernel BUG at fs/inode.c:668!\\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\\nCPU: 3 UID: 0 PID: 139 Comm: jfsCommit Not tainted 6.12.0-rc4-syzkaller-00085-g4e46774408d9 #0\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\\nRIP: 0010:clear_inode+0x168/0x190\\nCode: 4c 89 f7 e8 ba fe e5 ff e9 61 ff ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 7c c1 4c 89 f7 e8 90 ff e5 ff eb b7\\n 0b e8 01 5d 7f ff 90 0f 0b e8 f9 5c 7f ff 90 0f 0b e8 f1 5c 7f\\nRSP: 0018:ffffc900027dfae8 EFLAGS: 00010093\\nRAX: ffffffff82157a87 RBX: 0000000000000001 RCX: ffff888104d4b980\\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000\\nRBP: ffffc900027dfc90 R08: ffffffff82157977 R09: fffff520004fbf38\\nR10: dffffc0000000000 R11: fffff520004fbf38 R12: dffffc0000000000\\nR13: ffff88811315bc00 R14: ffff88811315bda8 R15: ffff88811315bb80\\nFS:  0000000000000000(0000) GS:ffff888135f00000(0000) knlGS:0000000000000000\\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\nCR2: 00005565222e0578 CR3: 0000000026ef0000 CR4: 00000000000006f0\\nCall Trace:\\n \u003cTASK\u003e\\n ? __die_body+0x5f/0xb0\\n ? die+0x9e/0xc0\\n ? do_trap+0x15a/0x3a0\\n ? clear_inode+0x168/0x190\\n ? do_error_trap+0x1dc/0x2c0\\n ? clear_inode+0x168/0x190\\n ? __pfx_do_error_trap+0x10/0x10\\n ? report_bug+0x3cd/0x500\\n ? handle_invalid_op+0x34/0x40\\n ? clear_inode+0x168/0x190\\n ? exc_invalid_op+0x38/0x50\\n ? asm_exc_invalid_op+0x1a/0x20\\n ? clear_inode+0x57/0x190\\n ? clear_inode+0x167/0x190\\n ? clear_inode+0x168/0x190\\n ? clear_inode+0x167/0x190\\n jfs_evict_inode+0xb5/0x440\\n ? __pfx_jfs_evict_inode+0x10/0x10\\n evict+0x4ea/0x9b0\\n ? __pfx_evict+0x10/0x10\\n ? iput+0x713/0xa50\\n txUpdateMap+0x931/0xb10\\n ? __pfx_txUpdateMap+0x10/0x10\\n jfs_lazycommit+0x49a/0xb80\\n ? _raw_spin_unlock_irqrestore+0x8f/0x140\\n ? lockdep_hardirqs_on+0x99/0x150\\n ? __pfx_jfs_lazycommit+0x10/0x10\\n ? __pfx_default_wake_function+0x10/0x10\\n ? __kthread_parkme+0x169/0x1d0\\n ? __pfx_jfs_lazycommit+0x10/0x10\\n kthread+0x2f2/0x390\\n ? __pfx_jfs_lazycommit+0x10/0x10\\n ? __pfx_kthread+0x10/0x10\\n ret_from_fork+0x4d/0x80\\n ? __pfx_kthread+0x10/0x10\\n ret_from_fork_asm+0x1a/0x30\\n \u003c/TASK\u003e\\n\\nThis happens when \u0027clear_inode()\u0027 makes an attempt to finalize an underlying\\nJFS inode of unknown type. According to JFS layout description from\\nhttps://jfs.sourceforge.net/project/pub/jfslayout.pdf, inode types from 5 to\\n15 are reserved for future extensions and should not be encountered on a valid\\nfilesystem. So add an extra check for valid inode type in \u0027copy_from_dinode()\u0027.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: jfs: rechaza inodos en disco de un tipo no compatible Syzbot ha informado del siguiente ERROR: \u00a1ERROR del kernel en fs/inode.c:668! Oops: c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 3 UID: 0 PID: 139 Comm: jfsCommit No contaminado 6.12.0-rc4-syzkaller-00085-g4e46774408d9 #0 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014 RIP: 0010:clear_inode+0x168/0x190 Code: 4c 89 f7 e8 ba fe e5 ff e9 61 ff ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 7c c1 4c 89 f7 e8 90 ff e5 ff eb b7 0b e8 01 5d 7f ff 90 0f 0b e8 f9 5c 7f ff 90 0f 0b e8 f1 5c 7f RSP: 0018:ffffc900027dfae8 EFLAGS: 00010093 RAX: ffffffff82157a87 RBX: 0000000000000001 RCX: ffff888104d4b980 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: ffffc900027dfc90 R08: ffffffff82157977 R09: fffff520004fbf38 R10: dffffc0000000000 R11: fffff520004fbf38 R12: dffffc0000000000 R13: ffff88811315bc00 R14: ffff88811315bda8 R15: ffff88811315bb80 FS: 0000000000000000(0000) GS:ffff888135f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005565222e0578 CR3: 0000000026ef0000 CR4: 00000000000006f0 Call Trace:  ? __die_body+0x5f/0xb0 ? die+0x9e/0xc0 ? do_trap+0x15a/0x3a0 ? clear_inode+0x168/0x190 ? do_error_trap+0x1dc/0x2c0 ? clear_inode+0x168/0x190 ? __pfx_do_error_trap+0x10/0x10 ? report_bug+0x3cd/0x500 ? handle_invalid_op+0x34/0x40 ? clear_inode+0x168/0x190 ? exc_invalid_op+0x38/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? clear_inode+0x57/0x190 ? clear_inode+0x167/0x190 ? clear_inode+0x168/0x190 ? clear_inode+0x167/0x190 jfs_evict_inode+0xb5/0x440 ? __pfx_jfs_evict_inode+0x10/0x10 evict+0x4ea/0x9b0 ? __pfx_evict+0x10/0x10 ? iput+0x713/0xa50 txUpdateMap+0x931/0xb10 ? __pfx_txUpdateMap+0x10/0x10 jfs_lazycommit+0x49a/0xb80 ? _raw_spin_unlock_irqrestore+0x8f/0x140 ? lockdep_hardirqs_on+0x99/0x150 ? __pfx_jfs_lazycommit+0x10/0x10 ? __pfx_default_wake_function+0x10/0x10 ? __kthread_parkme+0x169/0x1d0 ? __pfx_jfs_lazycommit+0x10/0x10 kthread+0x2f2/0x390 ? __pfx_jfs_lazycommit+0x10/0x10 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x4d/0x80 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30   Esto ocurre cuando \u0027clear_inode()\u0027 intenta finalizar un inodo JFS subyacente de tipo desconocido. Seg\u00fan la descripci\u00f3n del dise\u00f1o JFS de https://jfs.sourceforge.net/project/pub/jfslayout.pdf, los tipos de inodo del 5 al 15 est\u00e1n reservados para futuras extensiones y no deber\u00edan encontrarse en un sistema de archivos v\u00e1lido. Por lo tanto, a\u00f1ada una comprobaci\u00f3n adicional para el tipo de inodo v\u00e1lido en \u0027copy_from_dinode()\u0027.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1\",\"versionEndExcluding\":\"6.14.2\",\"matchCriteriaId\":\"2989FFC5-ECF9-4B72-ADBA-78A3A5220C13\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/8987891c4653874d5e3f5d11f063912f4e0b58eb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8c3f9a70d2d4dd6c640afe294b05c6a0a45434d9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.