Vulnerability Details CVE-2025-38580
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix inode use after free in ext4_end_io_rsv_work()
In ext4_io_end_defer_completion(), check if io_end->list_vec is empty to
avoid adding an io_end that requires no conversion to the
i_rsv_conversion_list, which in turn prevents starting an unnecessary
worker. An ext4_emergency_state() check is also added to avoid attempting
to abort the journal in an emergency state.
Additionally, ext4_put_io_end_defer() is refactored to call
ext4_io_end_defer_completion() directly instead of being open-coded.
This also prevents starting an unnecessary worker when EXT4_IO_END_FAILED
is set but data_err=abort is not enabled.
This ensures that the check in ext4_put_io_end_defer() is consistent with
the check in ext4_end_bio(). Otherwise, we might add an io_end to the
i_rsv_conversion_list and then call ext4_finish_bio(), after which the
inode could be freed before ext4_end_io_rsv_work() is called, triggering
a use-after-free issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.7%
CVSS Severity
CVSS v3 Score 7.8
References
Products affected by CVE-2025-38580
-
cpe:2.3:o:linux:linux_kernel:6.15
-
cpe:2.3:o:linux:linux_kernel:6.15.1
-
cpe:2.3:o:linux:linux_kernel:6.15.2
-
cpe:2.3:o:linux:linux_kernel:6.15.3
-
cpe:2.3:o:linux:linux_kernel:6.15.4
-
cpe:2.3:o:linux:linux_kernel:6.15.5
-
cpe:2.3:o:linux:linux_kernel:6.15.6
-
cpe:2.3:o:linux:linux_kernel:6.15.7
-
cpe:2.3:o:linux:linux_kernel:6.15.8
-
cpe:2.3:o:linux:linux_kernel:6.15.9
-
cpe:2.3:o:linux:linux_kernel:6.16