CVE-2025-22120

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-22120
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-22120.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-22120
Downstream
Related
Published
2025-04-16T15:16:06Z
Modified
2025-05-13T10:00:06Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: goto right label 'outmmapsem' in ext4_setattr()

Otherwise, if ext4inodeattachjinode() fails, a hung task will happen because filemapinvalidateunlock() isn't called to unlock mapping->invalidatelock. Like this:

EXT4-fs error (device sda) in ext4setattr:5557: Out of memory INFO: task fsstress:374 blocked for more than 122 seconds. Not tainted 6.14.0-rc1-next-20250206-xfstests-dirty #726 "echo 0 > /proc/sys/kernel/hungtasktimeoutsecs" disables this message. task:fsstress state:D stack:0 pid:374 tgid:374 ppid:373 taskflags:0x440140 flags:0x00000000 Call Trace: <TASK> _schedule+0x2c9/0x7f0 schedule+0x27/0xa0 schedulepreemptdisabled+0x15/0x30 rwsemdownreadslowpath+0x278/0x4c0 downread+0x59/0xb0 pagecacheraunbounded+0x65/0x1b0 filemapgetpages+0x124/0x3e0 filemapread+0x114/0x3d0 vfsread+0x297/0x360 ksysread+0x6c/0xe0 dosyscall64+0x4b/0x110 entrySYSCALL64afterhwframe+0x76/0x7e

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.12.27-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}