CVE-2025-22122

In the Linux kernel, the following vulnerability has been resolved: block: fix adding folio to bio >4GB folio is possible on some ARCHs, such as aarch64, 16GB hugepage is supported, then 'offset' of folio can't be held in 'unsigned int', cause warning in bio_add_folio_nofail() and IO failure. Fix it by adjusting 'page' & trimming 'offset' so that `->bi_offset` won't be overflow, and folio can be added to bio successfully.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0c60158ff14df04c92792dd9b1809372b095040f	Patch
https://git.kernel.org/stable/c/26064d3e2b4d9a14df1072980e558c636fb023ea	Patch
https://git.kernel.org/stable/c/b96e0af1b1c99cb7e6188b6fa4963a4e47beb01e	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2025-04-16 15:16

Updated : 2025-11-03 18:28

NVD link : CVE-2025-22122

Mitre link : CVE-2025-22122

CVE.ORG link : CVE-2025-22122

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2025-22122", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-04-16T15:16:06.363", "references": [{"url": "https://git.kernel.org/stable/c/0c60158ff14df04c92792dd9b1809372b095040f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/26064d3e2b4d9a14df1072980e558c636fb023ea", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b96e0af1b1c99cb7e6188b6fa4963a4e47beb01e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix adding folio to bio\n\n>4GB folio is possible on some ARCHs, such as aarch64, 16GB hugepage\nis supported, then 'offset' of folio can't be held in 'unsigned int',\ncause warning in bio_add_folio_nofail() and IO failure.\n\nFix it by adjusting 'page' & trimming 'offset' so that `->bi_offset` won't\nbe overflow, and folio can be added to bio successfully."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bloque: correcci\u00f3n. Se permite a\u00f1adir un folio a la biograf\u00eda a partir de 4 GB en algunos ARCH, como aarch64. Se admite una p\u00e1gina enorme de 16 GB. En ese caso, el desplazamiento del folio no se puede guardar en una entero sin signo, lo que provoca una advertencia en bio_add_folio_nofail() y un fallo de E/S. Se soluciona ajustando la p\u00e1gina y recortando el desplazamiento para que `->bi_offset` no se desborde y el folio se pueda a\u00f1adir a la biograf\u00eda correctamente."}], "lastModified": "2025-11-03T18:28:07.570", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76A2BFBA-BDBD-4F9A-A119-0B23A328E9B5", "versionEndExcluding": "6.12.33", "versionStartIncluding": "6.12"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "633A38C1-75C8-452D-8F1C-DA0269FD2687", "versionEndExcluding": "6.14.2", "versionStartIncluding": "6.13"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}