{"vulnerability": "CVE-2025-21722", "sightings": [{"uuid": "08966e13-0333-4d75-8973-5631830f7c28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21722", "type": "seen", "source": "https://t.me/cvedetector/18989", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21722 - Linux Nilfs2 Use-After-Free and Buffer State Inconsistency\", \n  \"Content\": \"CVE ID : CVE-2025-21722 \nPublished : Feb. 27, 2025, 2:15 a.m. | 50\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnilfs2: do not force clear folio if buffer is referenced  \n  \nPatch series \"nilfs2: protect busy buffer heads from being force-cleared\".  \n  \nThis series fixes the buffer head state inconsistency issues reported by  \nsyzbot that occurs when the filesystem is corrupted and falls back to  \nread-only, and the associated buffer head use-after-free issue.  \n  \n  \nThis patch (of 2):  \n  \nSyzbot has reported that after nilfs2 detects filesystem corruption and  \nfalls back to read-only, inconsistencies in the buffer state may occur.  \n  \nOne of the inconsistencies is that when nilfs2 calls mark_buffer_dirty()  \nto set a data or metadata buffer as dirty, but it detects that the buffer  \nis not in the uptodate state:  \n  \n WARNING: CPU: 0 PID: 6049 at fs/buffer.c:1177 mark_buffer_dirty+0x2e5/0x520  \n  fs/buffer.c:1177  \n ...  \n Call Trace:  \n    \n  nilfs_palloc_commit_alloc_entry+0x4b/0x160 fs/nilfs2/alloc.c:598  \n  nilfs_ifile_create_inode+0x1dd/0x3a0 fs/nilfs2/ifile.c:73  \n  nilfs_new_inode+0x254/0x830 fs/nilfs2/inode.c:344  \n  nilfs_mkdir+0x10d/0x340 fs/nilfs2/namei.c:218  \n  vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257  \n  do_mkdirat+0x264/0x3a0 fs/namei.c:4280  \n  __do_sys_mkdirat fs/namei.c:4295 [inline]  \n  __se_sys_mkdirat fs/namei.c:4293 [inline]  \n  __x64_sys_mkdirat+0x87/0xa0 fs/namei.c:4293  \n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]  \n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83  \n  entry_SYSCALL_64_after_hwframe+0x77/0x7f  \n  \nThe other is when nilfs_btree_propagate(), which propagates the dirty  \nstate to the ancestor nodes of a b-tree that point to a dirty buffer,  \ndetects that the origin buffer is not dirty, even though it should be:  \n  \n WARNING: CPU: 0 PID: 5245 at fs/nilfs2/btree.c:2089  \n  nilfs_btree_propagate+0xc79/0xdf0 fs/nilfs2/btree.c:2089  \n ...  \n Call Trace:  \n    \n  nilfs_bmap_propagate+0x75/0x120 fs/nilfs2/bmap.c:345  \n  nilfs_collect_file_data+0x4d/0xd0 fs/nilfs2/segment.c:587  \n  nilfs_segctor_apply_buffers+0x184/0x340 fs/nilfs2/segment.c:1006  \n  nilfs_segctor_scan_file+0x28c/0xa50 fs/nilfs2/segment.c:1045  \n  nilfs_segctor_collect_blocks fs/nilfs2/segment.c:1216 [inline]  \n  nilfs_segctor_collect fs/nilfs2/segment.c:1540 [inline]  \n  nilfs_segctor_do_construct+0x1c28/0x6b90 fs/nilfs2/segment.c:2115  \n  nilfs_segctor_construct+0x181/0x6b0 fs/nilfs2/segment.c:2479  \n  nilfs_segctor_thread_construct fs/nilfs2/segment.c:2587 [inline]  \n  nilfs_segctor_thread+0x69e/0xe80 fs/nilfs2/segment.c:2701  \n  kthread+0x2f0/0x390 kernel/kthread.c:389  \n  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147  \n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244  \n    \n  \nBoth of these issues are caused by the callbacks that handle the  \npage/folio write requests, forcibly clear various states, including the  \nworking state of the buffers they hold, at unexpected times when they  \ndetect read-only fallback.  \n  \nFix these issues by checking if the buffer is referenced before clearing  \nthe page/folio state, and skipping the clear if it is. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"27 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-27T04:30:25.000000Z"}, {"uuid": "944bc71b-4f25-4301-a3be-c9d1c6dc58d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21722", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lwbhkuhc3x2p", "content": "", "creation_timestamp": "2025-08-13T09:00:00.144588Z"}, {"uuid": "b8e1bf9f-7bb3-4201-b7fc-35df1dcee1b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-21722", "type": "seen", "source": "MISP/af1fbe07-e10c-40c4-844e-d4419bdf6f80", "content": "", "creation_timestamp": "2025-08-22T13:26:18.000000Z"}]}