Home

Description

In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential null deref in ext4_mb_init() In ext4_mb_init(), ext4_mb_avg_fragment_size_destroy() may be called when sbi->s_mb_avg_fragment_size remains uninitialized (e.g., if groupinfo slab cache allocation fails). Since ext4_mb_avg_fragment_size_destroy() lacks null pointer checking, this leads to a null pointer dereference. ================================================================== EXT4-fs: no memory for groupinfo slab cache BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: Oops: 0002 [#1] SMP PTI CPU:2 UID: 0 PID: 87 Comm:mount Not tainted 6.17.0-rc2 #1134 PREEMPT(none) RIP: 0010:_raw_spin_lock_irqsave+0x1b/0x40 Call Trace: <TASK> xa_destroy+0x61/0x130 ext4_mb_init+0x483/0x540 __ext4_fill_super+0x116d/0x17b0 ext4_fill_super+0xd3/0x280 get_tree_bdev_flags+0x132/0x1d0 vfs_get_tree+0x29/0xd0 do_new_mount+0x197/0x300 __x64_sys_mount+0x116/0x150 do_syscall_64+0x50/0x1c0 entry_SYSCALL_64_after_hwframe+0x76/0x7e ================================================================== Therefore, add necessary null check to ext4_mb_avg_fragment_size_destroy() to prevent this issue. The same fix is also applied to ext4_mb_largest_free_orders_destroy().

PUBLISHED Reserved 2025-04-16 | Published 2025-11-12 | Updated 2025-12-01 | Assigner Linux

Product status

Default status
unaffected

f7eaacbb4e54f8a6c6674c16eff54f703ea63d5e (git) before 00110f3cfc9b34b2dfee2a6c9e55a0ae6df125ae
affected

f7eaacbb4e54f8a6c6674c16eff54f703ea63d5e (git) before 3c3fac6bc0a9c00dbe65d8dc0d3a282afe4d3188
affected

Default status
affected

6.17
affected

Any version before 6.17
unaffected

6.17.3 (semver)
unaffected

6.18 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/00110f3cfc9b34b2dfee2a6c9e55a0ae6df125ae

git.kernel.org/...c/3c3fac6bc0a9c00dbe65d8dc0d3a282afe4d3188

cve.org (CVE-2025-40119)

nvd.nist.gov (CVE-2025-40119)

Download JSON