{"id":"CVE-2025-68261","summary":"ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: add i_data_sem protection in ext4_destroy_inline_data_nolock()\n\nFix a race between inline data destruction and block mapping.\n\nThe function ext4_destroy_inline_data_nolock() changes the inode data\nlayout by clearing EXT4_INODE_INLINE_DATA and setting EXT4_INODE_EXTENTS.\nAt the same time, another thread may execute ext4_map_blocks(), which\ntests EXT4_INODE_EXTENTS to decide whether to call ext4_ext_map_blocks()\nor ext4_ind_map_blocks().\n\nWithout i_data_sem protection, ext4_ind_map_blocks() may receive inode\nwith EXT4_INODE_EXTENTS flag and triggering assert.\n\nkernel BUG at fs/ext4/indirect.c:546!\nEXT4-fs (loop2): unmounting filesystem.\ninvalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:ext4_ind_map_blocks.cold+0x2b/0x5a fs/ext4/indirect.c:546\n\nCall Trace:\n \u003cTASK\u003e\n ext4_map_blocks+0xb9b/0x16f0 fs/ext4/inode.c:681\n _ext4_get_block+0x242/0x590 fs/ext4/inode.c:822\n ext4_block_write_begin+0x48b/0x12c0 fs/ext4/inode.c:1124\n ext4_write_begin+0x598/0xef0 fs/ext4/inode.c:1255\n ext4_da_write_begin+0x21e/0x9c0 fs/ext4/inode.c:3000\n generic_perform_write+0x259/0x5d0 mm/filemap.c:3846\n ext4_buffered_write_iter+0x15b/0x470 fs/ext4/file.c:285\n ext4_file_write_iter+0x8e0/0x17f0 fs/ext4/file.c:679\n call_write_iter include/linux/fs.h:2271 [inline]\n do_iter_readv_writev+0x212/0x3c0 fs/read_write.c:735\n do_iter_write+0x186/0x710 fs/read_write.c:861\n vfs_iter_write+0x70/0xa0 fs/read_write.c:902\n iter_file_splice_write+0x73b/0xc90 fs/splice.c:685\n do_splice_from fs/splice.c:763 [inline]\n direct_splice_actor+0x10f/0x170 fs/splice.c:950\n splice_direct_to_actor+0x33a/0xa10 fs/splice.c:896\n do_splice_direct+0x1a9/0x280 fs/splice.c:1002\n do_sendfile+0xb13/0x12c0 fs/read_write.c:1255\n __do_sys_sendfile64 fs/read_write.c:1323 [inline]\n __se_sys_sendfile64 fs/read_write.c:1309 [inline]\n __x64_sys_sendfile64+0x1cf/0x210 fs/read_write.c:1309\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8","modified":"2026-04-02T13:03:28.085254Z","published":"2025-12-16T14:45:03.252Z","related":["SUSE-SU-2026:0447-1","SUSE-SU-2026:0472-1","SUSE-SU-2026:0473-1","SUSE-SU-2026:0587-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20555-1","SUSE-SU-2026:20599-1","SUSE-SU-2026:20615-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1","openSUSE-SU-2025:15836-1","openSUSE-SU-2026:10301-1","openSUSE-SU-2026:20287-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68261.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0cd8feea8777f8d9b9a862b89c688b049a5c8475"},{"type":"WEB","url":"https://git.kernel.org/stable/c/144c48da33a01d92995aeccd8208eb47d2a8e659"},{"type":"WEB","url":"https://git.kernel.org/stable/c/22a76b0861ae61a299c8e126c1aca8c4fda820fd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5b266cf6851ce72b11b067fe02adf5a8687104ad"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5cad18e527ba8a9ca5463cc170073eeb5a4826f4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/61e03dc3794ebf77a706b85e5a36c9c6d70be6de"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b322bac9f01d03190b5abc52be5d9dd9f22a2b41"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ba8aeff294ac7ff6dfe293663d815c54c5ee218c"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68261.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68261"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c755e251357a0cee0679081f08c3f4ba797a8009"},{"fixed":"b322bac9f01d03190b5abc52be5d9dd9f22a2b41"},{"fixed":"61e03dc3794ebf77a706b85e5a36c9c6d70be6de"},{"fixed":"5b266cf6851ce72b11b067fe02adf5a8687104ad"},{"fixed":"144c48da33a01d92995aeccd8208eb47d2a8e659"},{"fixed":"22a76b0861ae61a299c8e126c1aca8c4fda820fd"},{"fixed":"ba8aeff294ac7ff6dfe293663d815c54c5ee218c"},{"fixed":"5cad18e527ba8a9ca5463cc170073eeb5a4826f4"},{"fixed":"0cd8feea8777f8d9b9a862b89c688b049a5c8475"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"3e96c3fdcfccb321a9e1623f78cc71b44593e965"},{"last_affected":"5781ac24bbd998ebb1ff30143bb06244d847af48"},{"last_affected":"9b06cce3ca4d60d442c39bfa7c058b71b1cee6c2"},{"last_affected":"da1e40237f8f3516581b534c484c236a79ccfd14"},{"last_affected":"7cf6b709b6412afd1d93b2c4b37163c3602e3b95"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68261.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.11.0"},{"fixed":"5.10.248"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.198"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.160"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.120"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.62"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.17.12"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.18.0"},{"fixed":"6.18.1"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68261.json"}}],"schema_version":"1.7.5"}