| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025121644-CVE-2025-40361-50ca@gregkh> Date: Tue, 16 Dec 2025 14:40:47 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-40361: fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock The parent function ext4_xattr_inode_lookup_create already uses GFP_NOFS for memory alloction, so the function ext4_xattr_inode_cache_find should use same gfp_flag. The Linux kernel CVE team has assigned CVE-2025-40361 to this issue. Affected and fixed versions =========================== Fixed in 5.10.247 with commit 5e6b27f4e68682aa3db9f83ca04adef89903159b Fixed in 5.15.197 with commit bb7d0d13c6e1f061464d1c425b08348a4e0c235d Fixed in 6.1.159 with commit add8458cac0b33a5e7a6b98457b38baea9600859 Fixed in 6.6.117 with commit 199ab7b43c5ef7d384f6a08e786e107b3509acda Fixed in 6.12.58 with commit 238f7a7356c33a9797a6297c6fdfd87f113b2325 Fixed in 6.17.8 with commit 009127b0fc013aed193961686c28c2b541a5b2f3 Fixed in 6.18 with commit 1534f72dc2a11ded38b0e0268fbcc0ca24e9fd4a Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-40361 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/ext4/xattr.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/5e6b27f4e68682aa3db9f83ca04adef89903159b https://git.kernel.org/stable/c/bb7d0d13c6e1f061464d1c425b08348a4e0c235d https://git.kernel.org/stable/c/add8458cac0b33a5e7a6b98457b38baea9600859 https://git.kernel.org/stable/c/199ab7b43c5ef7d384f6a08e786e107b3509acda https://git.kernel.org/stable/c/238f7a7356c33a9797a6297c6fdfd87f113b2325 https://git.kernel.org/stable/c/009127b0fc013aed193961686c28c2b541a5b2f3 https://git.kernel.org/stable/c/1534f72dc2a11ded38b0e0268fbcc0ca24e9fd4a
Powered by blists - more mailing lists