CVE-2025-39885
published 2025-09-23CVE-2025-39885: In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix recursive semaphore deadlock in fiemap call syzbot detected a OCFS2 hang due to…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix recursive semaphore deadlock in fiemap call
syzbot detected a OCFS2 hang due to a recursive semaphore on a
FS_IOC_FIEMAP of the extent list on a specially crafted mmap file.
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x1798/0x4cc0 kernel/sched/core.c:6961
__schedule_loop kernel/sched/core.c:7043 [inline]
schedule+0x165/0x360 kernel/sched/core.c:7058
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115
rwsem_down_write_slowpath+0x872/0xfe0 kernel/locking/rwsem.c:1185
__down_write_common kernel/locking/rwsem.c:1317 [inline]
__down_write kernel/locking/rwsem.c:1326 [inline]
down_write+0x1ab/0x1f0 kernel/locking/rwsem.c:1591
ocfs2_page_mkwrite+0x2ff/0xc40 fs/ocfs2/mmap.c:142
do_page_mkwrite+0x14d/0x310 mm/memory.c:3361
wp_page_shared mm/memory.c:3762 [inline]
do_wp_page+0x268d/0x5800 mm/memory.c:3981
handle_pte_fault mm/memory.c:6068 [inline]
__handle_mm_fault+0x1033/0x5440 mm/memory.c:6195
handle_mm_fault+0x40a/0x8e0 mm/memory.c:6364
do_user_addr_fault+0x764/0x1390 arch/x86/mm/fault.c:1387
handle_page_fault arch/x86/mm/fault.c:1476 [inline]
exc_page_fault+0x76/0xf0 arch/x86/mm/fault.c:1532
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0010:copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline]
RIP: 0010:raw_copy_to_user arch/x86/include/asm/uaccess_64.h:147 [inline]
RIP: 0010:_inline_copy_to_user include/linux/uaccess.h:197 [inline]
RIP: 0010:_copy_to_user+0x85/0xb0 lib/usercopy.c:26
Code: e8 00 bc f7 fc 4d 39 fc 72 3d 4d 39 ec 77 38 e8 91 b9 f7 fc 4c 89
f7 89 de e8 47 25 5b fd 0f 01 cb 4c 89 ff 48 89 d9 4c 89 f6 a4 0f
1f 00 48 89 cb 0f 01 ca 48 89 d8 5b 41 5c 41 5d 41 5e 41
RSP: 0018:ffffc9000403f950 EFLAGS: 00050256
RAX: ffffffff84c7f101 RBX: 0000000000000038 RCX: 0000000000000038
RDX: 0000000000000000 RSI: ffffc9000403f9e0 RDI: 0000200000000060
RBP: ffffc9000403fa90 R08: ffffc9000403fa17 R09: 1ffff92000807f42
R10: dffffc0000000
Affected
32 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 00dc417fa3e763345b34ccb6034d72de76eea0a1 < 16e518ca84dfe860c20a62f3615e14e8af0ace57 | 16e518ca84dfe860c20a62f3615e14e8af0ace57 |
| linux | linux | >= 00dc417fa3e763345b34ccb6034d72de76eea0a1 < 7e1514bd44ef68007703c752c99ff7319f35bce6 | 7e1514bd44ef68007703c752c99ff7319f35bce6 |
| linux | linux | >= 00dc417fa3e763345b34ccb6034d72de76eea0a1 < ef30404980e4c832ef9bba1b10c08f67fa77a9ec | ef30404980e4c832ef9bba1b10c08f67fa77a9ec |
| linux | linux | >= 00dc417fa3e763345b34ccb6034d72de76eea0a1 < 36054554772f95d090eb45793faf6aa3c0254b02 | 36054554772f95d090eb45793faf6aa3c0254b02 |
| linux | linux | >= 00dc417fa3e763345b34ccb6034d72de76eea0a1 < 0709bc11b942870fc0a7be150e42aea42321093a | 0709bc11b942870fc0a7be150e42aea42321093a |
| linux | linux | >= 00dc417fa3e763345b34ccb6034d72de76eea0a1 < 1d3c96547ee2ddeaddf8f19a3ef99ea06cc8115e | 1d3c96547ee2ddeaddf8f19a3ef99ea06cc8115e |
| linux | linux | >= 00dc417fa3e763345b34ccb6034d72de76eea0a1 < 9efcb7a8b97310efed995397941a292cf89fa94f | 9efcb7a8b97310efed995397941a292cf89fa94f |
| linux | linux | >= 00dc417fa3e763345b34ccb6034d72de76eea0a1 < 04100f775c2ea501927f508f17ad824ad1f23c8d | 04100f775c2ea501927f508f17ad824ad1f23c8d |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.247-1 | 5.10.247-1 |
| linux | linux_kernel | >= 0 < 6.1.153-1 | 6.1.153-1 |
| linux | linux_kernel | >= 0 < 6.12.48-1 | 6.12.48-1 |
| linux | linux_kernel | >= 0 < 6.16.8-1 | 6.16.8-1 |
| linux | linux_kernel | >= 0 < 5.15.0-170.180 | 5.15.0-170.180 |
| linux | linux_kernel | >= 0 < 6.8.0-106.106 | 6.8.0-106.106 |
| linux | linux_kernel | >= 2.6.28 < 5.4.300 | 5.4.300 |
| linux | linux_kernel | >= 5.11 < 5.15.194 | 5.15.194 |
| linux | linux_kernel | >= 5.16 < 6.1.153 | 6.1.153 |
| linux | linux_kernel | >= 5.5 < 5.10.245 | 5.10.245 |
| linux | linux_kernel | >= 6.13 < 6.16.8 | 6.16.8 |
| linux | linux_kernel | >= 6.2 < 6.6.107 | 6.6.107 |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv7.8HIGH