CVE-2025-22000

In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: drop beyond-EOF folios with the right number of refs When an after-split folio is large and needs to be dropped due to EOF, folio_put_refs(folio, folio_nr_pages(folio)) should be used to drop all page cache refs. Otherwise, the folio will not be freed, causing memory leak. This leak would happen on a filesystem with blocksize > page_size and a truncate is performed, where the blocksize makes folios split to >0 order ones, causing truncated folios not being freed.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/14efb4793519d73fb2902bb0ece319b886e4b4b9	Patch
https://git.kernel.org/stable/c/86368616a9ce51f6b41efa251b6e066893851d67	Patch
https://git.kernel.org/stable/c/92ad820a1f2d95d5a8d6c2bd3f391bbb068a5f9e	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc7::::::

History

10 Apr 2025, 16:14

Type	Values Removed	Values Added
CWE		CWE-401
CPE		cpe:2.3:o:linux:linux_kernel:6.14:rc7:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc5:::::: cpe:2.3:o:linux:linux_kernel::::::::
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://git.kernel.org/stable/c/14efb4793519d73fb2902bb0ece319b886e4b4b9 -~~	() https://git.kernel.org/stable/c/14efb4793519d73fb2902bb0ece319b886e4b4b9 - Patch
References	~~() https://git.kernel.org/stable/c/86368616a9ce51f6b41efa251b6e066893851d67 -~~	() https://git.kernel.org/stable/c/86368616a9ce51f6b41efa251b6e066893851d67 - Patch
References	~~() https://git.kernel.org/stable/c/92ad820a1f2d95d5a8d6c2bd3f391bbb068a5f9e -~~	() https://git.kernel.org/stable/c/92ad820a1f2d95d5a8d6c2bd3f391bbb068a5f9e - Patch

07 Apr 2025, 14:18

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/huge_memory: se eliminan folios posteriores al fin del archivo con el número correcto de referencias. Cuando un folio, tras la división, es grande y debe eliminarse debido al fin del archivo, se debe usar folio_put_refs(folio, folio_nr_pages(folio)) para eliminar todas las referencias de la caché de páginas. De lo contrario, el folio no se liberará, lo que provocará una fuga de memoria. Esta fuga ocurriría en un sistema de archivos con un tamaño de bloque superior a page_size y se realiza un truncamiento, donde el tamaño de bloque hace que los folios se dividan a folios de orden superior a 0, lo que impide la liberación de los folios truncados.

03 Apr 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-03 08:15

Updated : 2025-04-10 16:14

NVD link : CVE-2025-22000

Mitre link : CVE-2025-22000

CVE.ORG link : CVE-2025-22000

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10