ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock()
Summary
| CVE | CVE-2025-68261 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2025-12-16 15:15:55 UTC |
| Updated | 2026-07-14 13:17:57 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Fix a race between inline data destruction and block mapping. The function ext4_destroy_inline_data_nolock() changes the inode data layout by clearing EXT4_INODE_INLINE_DATA and setting EXT4_INODE_EXTENTS. At the same time, another thread may execute ext4_map_blocks(), which tests EXT4_INODE_EXTENTS to decide whether to call ext4_ext_map_blocks() or ext4_ind_map_blocks(). Without i_data_sem protection, ext4_ind_map_blocks() may receive inode with EXT4_INODE_EXTENTS flag and triggering assert. kernel BUG at fs/ext4/indirect.c:546! EXT4-fs (loop2): unmounting filesystem. invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:ext4_ind_map_blocks.cold+0x2b/0x5a fs/ext4/indirect.c:546 Call Trace: <TASK> ext4_map_blocks+0xb9b/0x16f0 fs/ext4/inode.c:681 _ext4_get_block+0x242/0x590 fs/ext4/inode.c:822 ext4_block_write_begin+0x48b/0x12c0 fs/ext4/inode.c:1124 ext4_write_begin+0x598/0xef0 fs/ext4/inode.c:1255 ext4_da_write_begin+0x21e/0x9c0 fs/ext4/inode.c:3000 generic_perform_write+0x259/0x5d0 mm/filemap.c:3846 ext4_buffered_write_iter+0x15b/0x470 fs/ext4/file.c:285 ext4_file_write_iter+0x8e0/0x17f0 fs/ext4/file.c:679 call_write_iter include/linux/fs.h:2271 [inline] do_iter_readv_writev+0x212/0x3c0 fs/read_write.c:735 do_iter_write+0x186/0x710 fs/read_write.c:861 vfs_iter_write+0x70/0xa0 fs/read_write.c:902 iter_file_splice_write+0x73b/0xc90 fs/splice.c:685 do_splice_from fs/splice.c:763 [inline] direct_splice_actor+0x10f/0x170 fs/splice.c:950 splice_direct_to_actor+0x33a/0xa10 fs/splice.c:896 do_splice_direct+0x1a9/0x280 fs/splice.c:1002 do_sendfile+0xb13/0x12c0 fs/read_write.c:1255 __do_sys_sendfile64 fs/read_write.c:1323 [inline] __se_sys_sendfile64 fs/read_write.c:1309 [inline] __x64_sys_sendfile64+0x1cf/0x210 fs/read_write.c:1309 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 |
Risk And Classification
EPSS: 0.001800000 probability, percentile 0.076620000 (date 2026-07-14)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected c755e251357a0cee0679081f08c3f4ba797a8009 b322bac9f01d03190b5abc52be5d9dd9f22a2b41 git | Not specified |
| CNA | Linux | Linux | affected c755e251357a0cee0679081f08c3f4ba797a8009 61e03dc3794ebf77a706b85e5a36c9c6d70be6de git | Not specified |
| CNA | Linux | Linux | affected c755e251357a0cee0679081f08c3f4ba797a8009 5b266cf6851ce72b11b067fe02adf5a8687104ad git | Not specified |
| CNA | Linux | Linux | affected c755e251357a0cee0679081f08c3f4ba797a8009 144c48da33a01d92995aeccd8208eb47d2a8e659 git | Not specified |
| CNA | Linux | Linux | affected c755e251357a0cee0679081f08c3f4ba797a8009 22a76b0861ae61a299c8e126c1aca8c4fda820fd git | Not specified |
| CNA | Linux | Linux | affected c755e251357a0cee0679081f08c3f4ba797a8009 ba8aeff294ac7ff6dfe293663d815c54c5ee218c git | Not specified |
| CNA | Linux | Linux | affected c755e251357a0cee0679081f08c3f4ba797a8009 5cad18e527ba8a9ca5463cc170073eeb5a4826f4 git | Not specified |
| CNA | Linux | Linux | affected c755e251357a0cee0679081f08c3f4ba797a8009 0cd8feea8777f8d9b9a862b89c688b049a5c8475 git | Not specified |
| CNA | Linux | Linux | affected 3e96c3fdcfccb321a9e1623f78cc71b44593e965 git | Not specified |
| CNA | Linux | Linux | affected 5781ac24bbd998ebb1ff30143bb06244d847af48 git | Not specified |
| CNA | Linux | Linux | affected 9b06cce3ca4d60d442c39bfa7c058b71b1cee6c2 git | Not specified |
| CNA | Linux | Linux | affected da1e40237f8f3516581b534c484c236a79ccfd14 git | Not specified |
| CNA | Linux | Linux | affected 7cf6b709b6412afd1d93b2c4b37163c3602e3b95 git | Not specified |
| CNA | Linux | Linux | affected 3.16.44 3.17 semver | Not specified |
| CNA | Linux | Linux | affected 3.18.107 3.19 semver | Not specified |
| CNA | Linux | Linux | affected 4.4.129 4.5 semver | Not specified |
| CNA | Linux | Linux | affected 4.9.14 4.10 semver | Not specified |
| CNA | Linux | Linux | affected 4.10.2 4.11 semver | Not specified |
| CNA | Linux | Linux | affected 4.11 | Not specified |
| CNA | Linux | Linux | unaffected 4.11 semver | Not specified |
| CNA | Linux | Linux | unaffected 5.10.248 5.10.* semver | Not specified |
| CNA | Linux | Linux | unaffected 5.15.198 5.15.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.1.160 6.1.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.6.120 6.6.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.12.62 6.12.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.17.12 6.17.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.18.1 6.18.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.19 * original_commit_for_fix | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.6 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.6 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | affected V3.1.6 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | affected V3.1.6 * custom | Not specified |
| ADP | Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.6 * custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/ba8aeff294ac7ff6dfe293663d815c54c5ee218c | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/5b266cf6851ce72b11b067fe02adf5a8687104ad | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/0cd8feea8777f8d9b9a862b89c688b049a5c8475 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/144c48da33a01d92995aeccd8208eb47d2a8e659 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| cert-portal.siemens.com/productcert/html/ssa-019113.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| git.kernel.org/stable/c/22a76b0861ae61a299c8e126c1aca8c4fda820fd | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/5cad18e527ba8a9ca5463cc170073eeb5a4826f4 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/61e03dc3794ebf77a706b85e5a36c9c6d70be6de | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/b322bac9f01d03190b5abc52be5d9dd9f22a2b41 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.