CVE-2025-22000

Summary

In the Linux kernel, the following vulnerability has been resolved:

mm/huge_memory: drop beyond-EOF folios with the right number of refs

When an after-split folio is large and needs to be dropped due to EOF, folio_put_refs(folio, folio_nr_pages(folio)) should be used to drop all page cache refs. Otherwise, the folio will not be freed, causing memory leak.

This leak would happen on a filesystem with blocksize > page_size and a truncate is performed, where the blocksize makes folios split to >0 order ones, causing truncated folios not being freed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc010d47f107f609b9f4d6a103b6dfc53889049e9 < 86368616a9ce51f6b41efa251b6e066893851d67affected
LinuxLinuxc010d47f107f609b9f4d6a103b6dfc53889049e9 < 92ad820a1f2d95d5a8d6c2bd3f391bbb068a5f9eaffected
LinuxLinuxc010d47f107f609b9f4d6a103b6dfc53889049e9 < 14efb4793519d73fb2902bb0ece319b886e4b4b9affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.12.21 <= 6.12.*unaffected
LinuxLinux6.13.9 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References