{ "threat_severity" : "Moderate", "public_date" : "2025-04-16T00:00:00Z", "bugzilla" : { "description" : "kernel: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()", "id" : "2360199", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2360199" }, "cvss3" : { "cvss3_base_score" : "7.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-125", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\next4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()\nThere's issue as follows:\nBUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790\nRead of size 4 at addr ffff88807b003000 by task syz-executor.0/15172\nCPU: 3 PID: 15172 Comm: syz-executor.0\nCall Trace:\n__dump_stack lib/dump_stack.c:82 [inline]\ndump_stack+0xbe/0xfd lib/dump_stack.c:123\nprint_address_description.constprop.0+0x1e/0x280 mm/kasan/report.c:400\n__kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560\nkasan_report+0x3a/0x50 mm/kasan/report.c:585\next4_xattr_inode_dec_ref_all+0x6ff/0x790 fs/ext4/xattr.c:1137\next4_xattr_delete_inode+0x4c7/0xda0 fs/ext4/xattr.c:2896\next4_evict_inode+0xb3b/0x1670 fs/ext4/inode.c:323\nevict+0x39f/0x880 fs/inode.c:622\niput_final fs/inode.c:1746 [inline]\niput fs/inode.c:1772 [inline]\niput+0x525/0x6c0 fs/inode.c:1758\next4_orphan_cleanup fs/ext4/super.c:3298 [inline]\next4_fill_super+0x8c57/0xba40 fs/ext4/super.c:5300\nmount_bdev+0x355/0x410 fs/super.c:1446\nlegacy_get_tree+0xfe/0x220 fs/fs_context.c:611\nvfs_get_tree+0x8d/0x2f0 fs/super.c:1576\ndo_new_mount fs/namespace.c:2983 [inline]\npath_mount+0x119a/0x1ad0 fs/namespace.c:3316\ndo_mount+0xfc/0x110 fs/namespace.c:3329\n__do_sys_mount fs/namespace.c:3540 [inline]\n__se_sys_mount+0x219/0x2e0 fs/namespace.c:3514\ndo_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\nentry_SYSCALL_64_after_hwframe+0x67/0xd1\nMemory state around the buggy address:\nffff88807b002f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\nffff88807b002f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n>ffff88807b003000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n^\nffff88807b003080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\nffff88807b003100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\nAbove issue happens as ext4_xattr_delete_inode() isn't check xattr\nis valid if xattr is in inode.\nTo solve above issue call xattr_check_inode() check if xattr if valid\nin inode. In fact, we can directly verify in ext4_iget_extra_inode(),\nso that there is no divergent verification." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2025-07-28T00:00:00Z", "advisory" : "RHSA-2025:11855", "cpe" : "cpe:/o:redhat:enterprise_linux:10.0", "package" : "kernel-0:6.12.0-55.24.1.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-07-28T00:00:00Z", "advisory" : "RHSA-2025:11861", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-570.30.1.el9_6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-07-28T00:00:00Z", "advisory" : "RHSA-2025:11861", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-570.30.1.el9_6" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10830", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0", "package" : "kernel-0:5.14.0-70.138.1.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10829", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::nfv", "package" : "kernel-rt-0:5.14.0-70.138.1.rt21.210.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2025-07-23T00:00:00Z", "advisory" : "RHSA-2025:11571", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2", "package" : "kernel-0:5.14.0-284.126.1.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2025-07-23T00:00:00Z", "advisory" : "RHSA-2025:11572", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2::nfv", "package" : "kernel-rt-0:5.14.0-284.126.1.rt14.411.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2025-07-15T00:00:00Z", "advisory" : "RHSA-2025:11245", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "kernel-0:5.14.0-427.77.1.el9_4" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-22121\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-22121\nhttps://lore.kernel.org/linux-cve-announce/2025041628-CVE-2025-22121-52fd@gregkh/T" ], "name" : "CVE-2025-22121", "csaw" : false }