{"id":"CVE-2025-21811","summary":"nilfs2: protect access to buffers with no active references","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: protect access to buffers with no active references\n\nnilfs_lookup_dirty_data_buffers(), which iterates through the buffers\nattached to dirty data folios/pages, accesses the attached buffers without\nlocking the folios/pages.\n\nFor data cache, nilfs_clear_folio_dirty() may be called asynchronously\nwhen the file system degenerates to read only, so\nnilfs_lookup_dirty_data_buffers() still has the potential to cause use\nafter free issues when buffers lose the protection of their dirty state\nmidway due to this asynchronous clearing and are unintentionally freed by\ntry_to_free_buffers().\n\nEliminate this race issue by adjusting the lock section in this function.","modified":"2026-04-02T12:45:15.137474Z","published":"2025-02-27T20:01:02.256Z","related":["USN-7521-2"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21811.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/367a9bffabe08c04f6d725032cce3d891b2b9e1a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4b08d23d7d1917bef4fbee8ad81372f49b006656"},{"type":"WEB","url":"https://git.kernel.org/stable/c/58c27fa7a610b6e8d44e6220e7dbddfbaccaf439"},{"type":"WEB","url":"https://git.kernel.org/stable/c/72cf688d0ce7e642b12ddc9b2a42524737ec1b4a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8e1b9201c9a24638cf09c6e1c9f224157328010b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c437dfac9f7a5a46ac2a5e6d6acd3059e9f68188"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d8ff250e085a4c4cdda4ad1cdd234ed110393143"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e1fc4a90a90ea8514246c45435662531975937d9"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21811.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-21811"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8c26c4e2694a163d525976e804d81cd955bbb40c"},{"fixed":"e1fc4a90a90ea8514246c45435662531975937d9"},{"fixed":"72cf688d0ce7e642b12ddc9b2a42524737ec1b4a"},{"fixed":"d8ff250e085a4c4cdda4ad1cdd234ed110393143"},{"fixed":"58c27fa7a610b6e8d44e6220e7dbddfbaccaf439"},{"fixed":"8e1b9201c9a24638cf09c6e1c9f224157328010b"},{"fixed":"4b08d23d7d1917bef4fbee8ad81372f49b006656"},{"fixed":"c437dfac9f7a5a46ac2a5e6d6acd3059e9f68188"},{"fixed":"367a9bffabe08c04f6d725032cce3d891b2b9e1a"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21811.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}