CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-37999

In the Linux kernel, the following vulnerability has been resolved: fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio() If bio_add_folio() fails (because it is full), erofs_fileio_scan_folio() needs to submit the I/O request via erofs_fileio_rq_submit() and allocate a new I/O request with an empty `struct bio`. Then it retries the bio_add_folio() call. However, at this point, erofs_onlinefolio_split() has already been called which increments `folio->private`; the retry will call erofs_onlinefolio_split() again, but there will never be a matching erofs_onlinefolio_end() call. This leaves the folio locked forever and all waiters will be stuck in folio_wait_bit_common(). This bug has been added by commit ce63cb62d794 ("erofs: support unencoded inodes for fileio"), but was practically unreachable because there was room for 256 folios in the `struct bio` - until commit 9f74ae8c9ac9 ("erofs: shorten bvecs[] for file-backed mounts") which reduced the array capacity to 16 folios. It was now trivial to trigger the bug by manually invoking readahead from userspace, e.g.: posix_fadvise(fd, 0, st.st_size, POSIX_FADV_WILLNEED); This should be fixed by invoking erofs_onlinefolio_split() only after bio_add_folio() has succeeded. This is safe: asynchronous completions invoking erofs_onlinefolio_end() will not unlock the folio because erofs_fileio_scan_folio() is still holding a reference to be released by erofs_onlinefolio_end() at the end.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 1.7%

CVSS Severity

CVSS v3 Score 5.5

References

Products affected by CVE-2025-37999

Linux » Linux Kernel » Version: 6.12

cpe:2.3:o:linux:linux_kernel:6.12
Linux » Linux Kernel » Version: 6.12.1

cpe:2.3:o:linux:linux_kernel:6.12.1
Linux » Linux Kernel » Version: 6.12.10

cpe:2.3:o:linux:linux_kernel:6.12.10
Linux » Linux Kernel » Version: 6.12.11

cpe:2.3:o:linux:linux_kernel:6.12.11
Linux » Linux Kernel » Version: 6.12.12

cpe:2.3:o:linux:linux_kernel:6.12.12
Linux » Linux Kernel » Version: 6.12.13

cpe:2.3:o:linux:linux_kernel:6.12.13
Linux » Linux Kernel » Version: 6.12.14

cpe:2.3:o:linux:linux_kernel:6.12.14
Linux » Linux Kernel » Version: 6.12.15

cpe:2.3:o:linux:linux_kernel:6.12.15
Linux » Linux Kernel » Version: 6.12.16

cpe:2.3:o:linux:linux_kernel:6.12.16
Linux » Linux Kernel » Version: 6.12.17

cpe:2.3:o:linux:linux_kernel:6.12.17
Linux » Linux Kernel » Version: 6.12.18

cpe:2.3:o:linux:linux_kernel:6.12.18
Linux » Linux Kernel » Version: 6.12.19

cpe:2.3:o:linux:linux_kernel:6.12.19
Linux » Linux Kernel » Version: 6.12.2

cpe:2.3:o:linux:linux_kernel:6.12.2
Linux » Linux Kernel » Version: 6.12.20

cpe:2.3:o:linux:linux_kernel:6.12.20
Linux » Linux Kernel » Version: 6.12.21

cpe:2.3:o:linux:linux_kernel:6.12.21
Linux » Linux Kernel » Version: 6.12.22

cpe:2.3:o:linux:linux_kernel:6.12.22
Linux » Linux Kernel » Version: 6.12.23

cpe:2.3:o:linux:linux_kernel:6.12.23
Linux » Linux Kernel » Version: 6.12.24

cpe:2.3:o:linux:linux_kernel:6.12.24
Linux » Linux Kernel » Version: 6.12.25

cpe:2.3:o:linux:linux_kernel:6.12.25
Linux » Linux Kernel » Version: 6.12.26

cpe:2.3:o:linux:linux_kernel:6.12.26
Linux » Linux Kernel » Version: 6.12.27

cpe:2.3:o:linux:linux_kernel:6.12.27
Linux » Linux Kernel » Version: 6.12.28

cpe:2.3:o:linux:linux_kernel:6.12.28
Linux » Linux Kernel » Version: 6.12.3

cpe:2.3:o:linux:linux_kernel:6.12.3
Linux » Linux Kernel » Version: 6.12.4

cpe:2.3:o:linux:linux_kernel:6.12.4
Linux » Linux Kernel » Version: 6.12.5

cpe:2.3:o:linux:linux_kernel:6.12.5
Linux » Linux Kernel » Version: 6.12.6

cpe:2.3:o:linux:linux_kernel:6.12.6
Linux » Linux Kernel » Version: 6.12.7

cpe:2.3:o:linux:linux_kernel:6.12.7
Linux » Linux Kernel » Version: 6.12.8

cpe:2.3:o:linux:linux_kernel:6.12.8
Linux » Linux Kernel » Version: 6.12.9

cpe:2.3:o:linux:linux_kernel:6.12.9
Linux » Linux Kernel » Version: 6.13

cpe:2.3:o:linux:linux_kernel:6.13
Linux » Linux Kernel » Version: 6.13.1

cpe:2.3:o:linux:linux_kernel:6.13.1
Linux » Linux Kernel » Version: 6.13.10

cpe:2.3:o:linux:linux_kernel:6.13.10
Linux » Linux Kernel » Version: 6.13.11

cpe:2.3:o:linux:linux_kernel:6.13.11
Linux » Linux Kernel » Version: 6.13.12

cpe:2.3:o:linux:linux_kernel:6.13.12
Linux » Linux Kernel » Version: 6.13.2

cpe:2.3:o:linux:linux_kernel:6.13.2
Linux » Linux Kernel » Version: 6.13.3

cpe:2.3:o:linux:linux_kernel:6.13.3
Linux » Linux Kernel » Version: 6.13.4

cpe:2.3:o:linux:linux_kernel:6.13.4
Linux » Linux Kernel » Version: 6.13.5

cpe:2.3:o:linux:linux_kernel:6.13.5
Linux » Linux Kernel » Version: 6.13.6

cpe:2.3:o:linux:linux_kernel:6.13.6
Linux » Linux Kernel » Version: 6.13.7

cpe:2.3:o:linux:linux_kernel:6.13.7
Linux » Linux Kernel » Version: 6.13.8

cpe:2.3:o:linux:linux_kernel:6.13.8
Linux » Linux Kernel » Version: 6.13.9

cpe:2.3:o:linux:linux_kernel:6.13.9
Linux » Linux Kernel » Version: 6.14

cpe:2.3:o:linux:linux_kernel:6.14
Linux » Linux Kernel » Version: 6.14.1

cpe:2.3:o:linux:linux_kernel:6.14.1
Linux » Linux Kernel » Version: 6.14.2

cpe:2.3:o:linux:linux_kernel:6.14.2
Linux » Linux Kernel » Version: 6.14.3

cpe:2.3:o:linux:linux_kernel:6.14.3
Linux » Linux Kernel » Version: 6.14.4

cpe:2.3:o:linux:linux_kernel:6.14.4
Linux » Linux Kernel » Version: 6.14.5

cpe:2.3:o:linux:linux_kernel:6.14.5
Linux » Linux Kernel » Version: 6.14.6

cpe:2.3:o:linux:linux_kernel:6.14.6
Linux » Linux Kernel » Version: 6.15

cpe:2.3:o:linux:linux_kernel:6.15

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-37999

Products

Pricing

Contact Us