CVE-2025-38139 Information
Description
In the Linux kernel the following vulnerability has been resolved:
netfs: Fix oops in write-retry from mis-resetting the subreq iterator
Fix the resetting of the subrequest iterator in netfs_retry_write_stream() to use the iterator-reset function as the iterator may have been shortened by a previous retry. In such a case the amount of data to be written by the subrequest is not \subreq->len\ but \subreq->len - subreq->transferred.
Without this KASAN may see an error in iov_iter_revert():
BUG: KASAN: slab-out-of-bounds in iov_iter_revert lib/iov_iter.c:633 [inline] BUG: KASAN: slab-out-of-bounds in iov_iter_revert+0x443/0x5a0 lib/iov_iter.c:611 Read of size 4 at addr ffff88802912a0b8 by task kworker/u32:7/1147
CPU: 1 UID: 0 PID: 1147 Comm: kworker/u32:7 Not tainted 6.15.0-rc6-syzkaller-00052-g9f35e33144ae 0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9 2009) BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: events_unbound netfs_write_collection_worker
Call Trace:
Reference
https://git.kernel.org/stable/c/4481f7f2b3df123ec77e828c849138f75cff2bf2 https://git.kernel.org/stable/c/bd0edaf99a920b1a9decd773179caacacb61d0fd
Related CNNVD
CNNVD-202507-226 (Published: 2025-07-03)
Share on: