cve/published/2025/CVE-2025-22120.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-1.2.0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@kernel.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2025-22120: ext4: goto right label 'out_mmap_sem' in ext4_setattr()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 ext4: goto right label 'out_mmap_sem' in ext4_setattr()

 Otherwise, if ext4_inode_attach_jinode() fails, a hung task will
 happen because filemap_invalidate_unlock() isn't called to unlock
 mapping->invalidate_lock. Like this:

 EXT4-fs error (device sda) in ext4_setattr:5557: Out of memory
 INFO: task fsstress:374 blocked for more than 122 seconds.
       Not tainted 6.14.0-rc1-next-20250206-xfstests-dirty #726
 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
 task:fsstress state:D stack:0     pid:374   tgid:374   ppid:373
                                   task_flags:0x440140 flags:0x00000000
 Call Trace:
  <TASK>
  __schedule+0x2c9/0x7f0
  schedule+0x27/0xa0
  schedule_preempt_disabled+0x15/0x30
  rwsem_down_read_slowpath+0x278/0x4c0
  down_read+0x59/0xb0
  page_cache_ra_unbounded+0x65/0x1b0
  filemap_get_pages+0x124/0x3e0
  filemap_read+0x114/0x3d0
  vfs_read+0x297/0x360
  ksys_read+0x6c/0xe0
  do_syscall_64+0x4b/0x110
  entry_SYSCALL_64_after_hwframe+0x76/0x7e

 The Linux kernel CVE team has assigned CVE-2025-22120 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 6.6.70 with commit 93011887013dbaa0e3a0285176ca89be153df651 and fixed in 6.6.89 with commit 551667f99bcf04fa58594d7d19aef73c861a1200
 	Issue introduced in 6.12.5 with commit b6ce2dbe984bcd7fb0c1df15b5e2fa57e1574a8e and fixed in 6.12.26 with commit 45314999f950321a341033ae8f9ac12dce40669b
 	Issue introduced in 6.13 with commit c7fc0366c65628fd69bfc310affec4918199aae2 and fixed in 6.14.2 with commit 32d872e3905746ff1048078256cb00f946b97d8a
 	Issue introduced in 6.13 with commit c7fc0366c65628fd69bfc310affec4918199aae2 and fixed in 6.15 with commit 7e91ae31e2d264155dfd102101afc2de7bd74a64

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2025-22120
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	fs/ext4/inode.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/551667f99bcf04fa58594d7d19aef73c861a1200
 	https://git.kernel.org/stable/c/45314999f950321a341033ae8f9ac12dce40669b
 	https://git.kernel.org/stable/c/32d872e3905746ff1048078256cb00f946b97d8a
 	https://git.kernel.org/stable/c/7e91ae31e2d264155dfd102101afc2de7bd74a64
	From bippy-1.2.0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@kernel.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2025-22120: ext4: goto right label 'out_mmap_sem' in ext4_setattr()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	ext4: goto right label 'out_mmap_sem' in ext4_setattr()

	Otherwise, if ext4_inode_attach_jinode() fails, a hung task will
	happen because filemap_invalidate_unlock() isn't called to unlock
	mapping->invalidate_lock. Like this:

	EXT4-fs error (device sda) in ext4_setattr:5557: Out of memory
	INFO: task fsstress:374 blocked for more than 122 seconds.
	Not tainted 6.14.0-rc1-next-20250206-xfstests-dirty #726
	"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
	task:fsstress state:D stack:0 pid:374 tgid:374 ppid:373
	task_flags:0x440140 flags:0x00000000
	Call Trace:
	<TASK>
	__schedule+0x2c9/0x7f0
	schedule+0x27/0xa0
	schedule_preempt_disabled+0x15/0x30
	rwsem_down_read_slowpath+0x278/0x4c0
	down_read+0x59/0xb0
	page_cache_ra_unbounded+0x65/0x1b0
	filemap_get_pages+0x124/0x3e0
	filemap_read+0x114/0x3d0
	vfs_read+0x297/0x360
	ksys_read+0x6c/0xe0
	do_syscall_64+0x4b/0x110
	entry_SYSCALL_64_after_hwframe+0x76/0x7e

	The Linux kernel CVE team has assigned CVE-2025-22120 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 6.6.70 with commit 93011887013dbaa0e3a0285176ca89be153df651 and fixed in 6.6.89 with commit 551667f99bcf04fa58594d7d19aef73c861a1200
	Issue introduced in 6.12.5 with commit b6ce2dbe984bcd7fb0c1df15b5e2fa57e1574a8e and fixed in 6.12.26 with commit 45314999f950321a341033ae8f9ac12dce40669b
	Issue introduced in 6.13 with commit c7fc0366c65628fd69bfc310affec4918199aae2 and fixed in 6.14.2 with commit 32d872e3905746ff1048078256cb00f946b97d8a
	Issue introduced in 6.13 with commit c7fc0366c65628fd69bfc310affec4918199aae2 and fixed in 6.15 with commit 7e91ae31e2d264155dfd102101afc2de7bd74a64

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-22120
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	fs/ext4/inode.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/551667f99bcf04fa58594d7d19aef73c861a1200
	https://git.kernel.org/stable/c/45314999f950321a341033ae8f9ac12dce40669b
	https://git.kernel.org/stable/c/32d872e3905746ff1048078256cb00f946b97d8a
	https://git.kernel.org/stable/c/7e91ae31e2d264155dfd102101afc2de7bd74a64