Message-ID: <2025111245-CVE-2025-40196-f1fa@gregkh>
Date: Wed, 12 Nov 2025 17:00:59 -0500
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-40196: fs: quota: create dedicated workqueue for quota_release_work
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========

In the Linux kernel, the following vulnerability has been resolved:

fs: quota: create dedicated workqueue for quota_release_work

There is a kernel panic due to WARN_ONCE when panic_on_warn is set.

This issue occurs when writeback is triggered due to sync call for an
opened file (i.e., writeback reason is WB_REASON_SYNC). When f2fs balance
is needed at sync path, flush for quota_release_work is triggered.
By default quota_release_work is queued to "events_unbound" queue which
does not have WQ_MEM_RECLAIM flag. During f2fs balance "writeback"
workqueue tries to flush quota_release_work causing kernel panic due to
MEM_RECLAIM flag mismatch errors.

This patch creates dedicated workqueue with WQ_MEM_RECLAIM flag
for work quota_release_work.

------------[ cut here ]------------
WARNING: CPU: 4 PID: 14867 at kernel/workqueue.c:3721 check_flush_dependency+0x13c/0x148
Call trace:
check_flush_dependency+0x13c/0x148
__flush_work+0xd0/0x398
flush_delayed_work+0x44/0x5c
dquot_writeback_dquots+0x54/0x318
f2fs_do_quota_sync+0xb8/0x1a8
f2fs_write_checkpoint+0x3cc/0x99c
f2fs_gc+0x190/0x750
f2fs_balance_fs+0x110/0x168
f2fs_write_single_data_page+0x474/0x7dc
f2fs_write_data_pages+0x7d0/0xd0c
do_writepages+0xe0/0x2f4
__writeback_single_inode+0x44/0x4ac
writeback_sb_inodes+0x30c/0x538
wb_writeback+0xf4/0x440
wb_workfn+0x128/0x5d4
process_scheduled_works+0x1c4/0x45c
worker_thread+0x32c/0x3e8
kthread+0x11c/0x1b0
ret_from_fork+0x10/0x20
Kernel panic - not syncing: kernel: panic_on_warn set ...

The Linux kernel CVE team has assigned CVE-2025-40196 to this issue.

Affected and fixed versions
===========================

	Issue introduced in 6.6.64 with commit bcacb52a985f1b6d280f698a470b873dfe52728a and fixed in 6.6.114 with commit f846eacde280ecc3daedfe001580e3033565179e
	Issue introduced in 6.12.4 with commit 8ea87e34792258825d290f4dc5216276e91cb224 and fixed in 6.12.54 with commit f12039df1515d5daf7d92e586ece5cefeb39561b
	Issue introduced in 6.13 with commit ac6f420291b3fee1113f21d612fa88b628afab5b and fixed in 6.17.4 with commit 8a09a62f0c8c6123c2f1864ed6d5f9eb144afaf0
	Issue introduced in 6.13 with commit ac6f420291b3fee1113f21d612fa88b628afab5b and fixed in 6.18-rc1 with commit 72b7ceca857f38a8ca7c5629feffc63769638974
	Issue introduced in 5.4.287 with commit a5abba5e0e586e258ded3e798fe5f69c66fec198
	Issue introduced in 5.10.231 with commit 6f3821acd7c3143145999248087de5fb4b48cf26
	Issue introduced in 5.15.174 with commit ab6cfcf8ed2c7496f55d020b65b1d8cd55d9a2cb
	Issue introduced in 6.1.120 with commit 3e6ff207cd5bd924ad94cd1a7c633bcdac0ba1cb

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-40196
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
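
For fleet triage, the version list above can be turned into a check on a kernel release string such as the output of `uname -r`. This is an added example, not part of the announcement; the function names and result strings are hypothetical, and it assumes upstream stable version numbering, so a distribution kernel with backported fixes needs its vendor advisory instead.

```python
import re

# (first affected, first fixed) per entry in "Affected and fixed versions".
# None means this page lists no fixed release for that stable branch.
RANGES = [
    ((5, 4, 287), None),
    ((5, 10, 231), None),
    ((5, 15, 174), None),
    ((6, 1, 120), None),
    ((6, 6, 64), (6, 6, 114)),
    ((6, 12, 4), (6, 12, 54)),
    ((6, 13, 0), (6, 17, 4)),  # mainline range; 6.18-rc1 also carries the fix
]

AFFECTED = "affected"
NO_FIX = "affected, no fix listed"
FIXED = "fixed"
NOT_LISTED = "not in a listed range"


def parse_release(release):
    """Return (major, minor, patch) from a string like '6.6.87-generic'.
    Suffixes such as '-rc3' or a distro build tag are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    return (int(m[1]), int(m[2]), int(m[3] or 0))


def classify(release):
    """Classify a kernel release against the CVE-2025-40196 ranges."""
    v = parse_release(release)
    for first, fixed in RANGES:
        # A stable-branch entry only applies to its own x.y series; the
        # 6.13 -> 6.17.4 entry spans several series and is compared directly.
        spans = fixed is not None and fixed[:2] != first[:2]
        if not spans and v[:2] != first[:2]:
            continue
        if v < first:
            continue
        if fixed is None:
            return NO_FIX
        return AFFECTED if v < fixed else FIXED
    return NOT_LISTED


if __name__ == "__main__":
    import platform
    print(platform.release(), "->", classify(platform.release()))
```

A match only says the code path is present: per the description, the panic additionally requires `panic_on_warn` to be set and the f2fs quota sync path to be reached.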

Affected files
==============

The file(s) affected by this issue are:
	fs/quota/dquot.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/f846eacde280ecc3daedfe001580e3033565179e
	https://git.kernel.org/stable/c/f12039df1515d5daf7d92e586ece5cefeb39561b
	https://git.kernel.org/stable/c/8a09a62f0c8c6123c2f1864ed6d5f9eb144afaf0
	https://git.kernel.org/stable/c/72b7ceca857f38a8ca7c5629feffc63769638974