Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fix potential block overflow that cause system hang When a user executes the FITRIM command, an underflow can occur when calculating nblocks if end_block is too small. Since nblocks is of type sector_t, which is u64, a negative nblocks value will become a very large positive integer. This ultimately leads to the block layer function __blkdev_issue_discard() taking an excessively long time to process the bio chain, and the ns_segctor_sem lock remains held for a long period. This prevents other tasks from acquiring the ns_segctor_sem lock, resulting in the hang reported by syzbot in [1]. If the ending block is too small, typically if it is smaller than 4KiB range, depending on the usage of the segment 0, it may be possible to attempt a discard request beyond the device size causing the hang. Exiting successfully and assign the discarded size (0 in this case) to range->len. Although the start and len values in the user input range are too small, a conservative strategy is adopted here to safely ignore them, which is equivalent to a no-op; it will not perform any trimming and will not throw an error. [1] task:segctord state:D stack:28968 pid:6093 tgid:6093 ppid:2 task_flags:0x200040 flags:0x00080000 Call Trace: rwbase_write_lock+0x3dd/0x750 kernel/locking/rwbase_rt.c:272 nilfs_transaction_lock+0x253/0x4c0 fs/nilfs2/segment.c:357 nilfs_segctor_thread_construct fs/nilfs2/segment.c:2569 [inline] nilfs_segctor_thread+0x6ec/0xe00 fs/nilfs2/segment.c:2684 [ryusuke: corrected part of the commit message about the consequences]
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 3.15, < 5.10.251 |
References
- https://git.kernel.org/stable/c/2438982f635e6cc2009be68ba2efb2998727d8d4Patch
- https://git.kernel.org/stable/c/4aa45f841413cca81882602b4042c53502f34cadPatch
- https://git.kernel.org/stable/c/6457d3ee41a4c15082ac49c5aa7fb933b4a043f3Patch
- https://git.kernel.org/stable/c/b8c5ee234bd54f1447c846101fdaef2cf70c2149Patch
- https://git.kernel.org/stable/c/ba18e5f22f26aa4ef78bc3e81f639d1d4f3845e6Patch
- https://git.kernel.org/stable/c/df1e20796c9f3d541cca47fb72e4369ea135642dPatch
- https://git.kernel.org/stable/c/ea2278657ad0d62596589fbe2caf995e189e65e7Patch
- https://git.kernel.org/stable/c/ed527ef0c264e4bed6c7b2a158ddf516b17f5f66Patch
FAQ
What is CVE-2025-71237?
CVE-2025-71237 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fix potential block overflow that cause system hang When a user executes the FITRIM command, an underflow can occur when c...
How severe is CVE-2025-71237?
CVE-2025-71237 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-71237?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.