{"uuid": "3cefb59b-a040-4f1c-a635-8452dc7b3eb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-22121", "type": "seen", "source": "https://t.me/cvedetector/23122", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22121 - Linux Kernel ext4 Use-After-Free Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-22121 \nPublished : April 16, 2025, 3:16 p.m. | 23\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \next4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()  \n  \nThere's issue as follows:  \nBUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790  \nRead of size 4 at addr ffff88807b003000 by task syz-executor.0/15172  \n  \nCPU: 3 PID: 15172 Comm: syz-executor.0  \nCall Trace:  \n __dump_stack lib/dump_stack.c:82 [inline]  \n dump_stack+0xbe/0xfd lib/dump_stack.c:123  \n print_address_description.constprop.0+0x1e/0x280 mm/kasan/report.c:400  \n __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560  \n kasan_report+0x3a/0x50 mm/kasan/report.c:585  \n ext4_xattr_inode_dec_ref_all+0x6ff/0x790 fs/ext4/xattr.c:1137  \n ext4_xattr_delete_inode+0x4c7/0xda0 fs/ext4/xattr.c:2896  \n ext4_evict_inode+0xb3b/0x1670 fs/ext4/inode.c:323  \n evict+0x39f/0x880 fs/inode.c:622  \n iput_final fs/inode.c:1746 [inline]  \n iput fs/inode.c:1772 [inline]  \n iput+0x525/0x6c0 fs/inode.c:1758  \n ext4_orphan_cleanup fs/ext4/super.c:3298 [inline]  \n ext4_fill_super+0x8c57/0xba40 fs/ext4/super.c:5300  \n mount_bdev+0x355/0x410 fs/super.c:1446  \n legacy_get_tree+0xfe/0x220 fs/fs_context.c:611  \n vfs_get_tree+0x8d/0x2f0 fs/super.c:1576  \n do_new_mount fs/namespace.c:2983 [inline]  \n path_mount+0x119a/0x1ad0 fs/namespace.c:3316  \n do_mount+0xfc/0x110 fs/namespace.c:3329  \n __do_sys_mount fs/namespace.c:3540 [inline]  \n __se_sys_mount+0x219/0x2e0 fs/namespace.c:3514  \n 
do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46  \n entry_SYSCALL_64_after_hwframe+0x67/0xd1  \n  \nMemory state around the buggy address:  \n ffff88807b002f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  \n ffff88807b002f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  \n>ffff88807b003000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  \n                   ^  \n ffff88807b003080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  \n ffff88807b003100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  \n  \nAbove issue happens as ext4_xattr_delete_inode() doesn't check xattr  \nis valid if xattr is in inode.  \nTo solve above issue call xattr_check_inode() to check if xattr is valid  \nin inode. In fact, we can directly verify in ext4_iget_extra_inode(),  \nso that there is no divergent verification. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T17:43:48.000000Z"}