CVE-2025-40233

Linux Kernel 3.0.0-6.17.5 - DoS via Stale Extent Cache in OCFS2

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: ocfs2: clear extent cache after moving/defragmenting extents The extent map cache can become stale when extents are moved or defragmented, causing subsequent operations to see outdated extent flags. This triggers a BUG_ON in ocfs2_refcount_cal_cow_clusters(). The problem occurs when: 1. copy_file_range() creates a reflinked extent with OCFS2_EXT_REFCOUNTED 2. ioctl(FITRIM) triggers ocfs2_move_extents() 3. __ocfs2_move_extents_range() reads and caches the extent (flags=0x2) 4. ocfs2_move_extent()/ocfs2_defrag_extent() calls __ocfs2_move_extent() which clears OCFS2_EXT_REFCOUNTED flag on disk (flags=0x0) 5. The extent map cache is not invalidated after the move 6. Later write() operations read stale cached flags (0x2) but disk has updated flags (0x0), causing a mismatch 7. BUG_ON(!(rec->e_flags & OCFS2_EXT_REFCOUNTED)) triggers Fix by clearing the extent map cache after each extent move/defrag operation in __ocfs2_move_extents_range(). This ensures subsequent operations read fresh extent data from disk.

Scores

EPSS 0.0018
EPSS Percentile 8.1%

Details

Status published
Products (25)
linux/Kernel 3.0.0 - 5.4.301linux
linux/Kernel 5.11.0 - 5.15.196linux
linux/Kernel 5.16.0 - 6.1.158linux
linux/Kernel 5.5.0 - 5.10.246linux
linux/Kernel 6.13.0 - 6.17.6linux
linux/Kernel 6.2.0 - 6.6.115linux
linux/Kernel 6.7.0 - 6.12.56linux
Linux/Linux < 3.0
Linux/Linux 3.0
Linux/Linux 5.10.246 - 5.10.*
... and 15 more
Published Dec 04, 2025
Tracked Since Feb 18, 2026