CVE-2025-22036

CVSS 3.1 Score 7 of 10 (high)

Details

Published Apr 16, 2025
Updated: Apr 29, 2025
CWE ID 362
CWE ID 416

Summary

CVE-2025-22036 is a vulnerability affecting the Linux kernel's exFAT file system. It involves a use-after-free (UAF) condition that occurs when get_block is called with a buffer_head allocated on the stack, which can result in stack corruption during a race condition between CPUs. Specifically, in the functions mpage_read_folio and do_mpage_readpage, if a folio does not have available buffers when bh_read is called, the function may return and the buffer_head becomes invalid. A subsequent call to put_bh with the invalid buffer_head can lead to stack corruption. This issue has been resolved by returning -EAGAIN when a folio does not have buffers, allowing the caller to use alternative functions to obtain a valid buffer_head before calling get_block again. To mitigate this vulnerability, it is recommended not to call bh_read with on-stack buffer_heads.
