CVE-2025-22000

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-22000

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-22000.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-22000

Downstream

BELL-CVE-2025-22000

DEBIAN-CVE-2025-22000

MINI-g4w7-xhvp-9mfw

UBUNTU-CVE-2025-22000

USN-7605-1

USN-7605-2

USN-7606-1

USN-7628-1

Published

2025-04-03T07:19:03Z

Modified

2025-10-15T23:21:22.756913Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

mm/huge_memory: drop beyond-EOF folios with the right number of refs

Details

In the Linux kernel, the following vulnerability has been resolved:

mm/huge_memory: drop beyond-EOF folios with the right number of refs

When an after-split folio is large and needs to be dropped due to EOF, folioputrefs(folio, folionrpages(folio)) should be used to drop all page cache refs. Otherwise, the folio will not be freed, causing memory leak.

This leak would happen on a filesystem with blocksize > page_size and a truncate is performed, where the blocksize makes folios split to >0 order ones, causing truncated folios not being freed.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c010d47f107f609b9f4d6a103b6dfc53889049e9

Fixed

86368616a9ce51f6b41efa251b6e066893851d67

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c010d47f107f609b9f4d6a103b6dfc53889049e9

Fixed

92ad820a1f2d95d5a8d6c2bd3f391bbb068a5f9e

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c010d47f107f609b9f4d6a103b6dfc53889049e9

Fixed

14efb4793519d73fb2902bb0ece319b886e4b4b9

Affected versions

v6.*

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.12

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.12-rc7

v6.12.1

v6.12.10

v6.12.11

v6.12.12

v6.12.13

v6.12.14

v6.12.15

v6.12.16

v6.12.17

v6.12.18

v6.12.19

v6.12.2

v6.12.20

v6.12.3

v6.12.4

v6.12.5

v6.12.6

v6.12.7

v6.12.8

v6.12.9

v6.13

v6.13-rc1

v6.13-rc2

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.13.1

v6.13.2

v6.13.3

v6.13.4

v6.13.5

v6.13.6

v6.13.7

v6.13.8

v6.14-rc1

v6.14-rc2

v6.14-rc3

v6.14-rc4

v6.14-rc5

v6.14-rc6

v6.8

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.9.0

Fixed

6.12.21

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.13.9