Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74387.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-74387
Upstream
Published
2026-01-13T16:15:56Z
Modified
2026-04-01T05:22:22.836857Z
Summary
CVE-2025-68772 affecting package kernel for versions less than 6.6.121.1-1
Details

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to avoid updating compression context during writeback

Bai, Shuangpeng <sjb7183@psu.edu> reported a bug as below:

Oops: divide error: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 11441 Comm: syz.0.46 Not tainted 6.17.0 #1 PREEMPT(full)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:f2fs_all_cluster_page_ready+0x106/0x550 fs/f2fs/compress.c:857
Call Trace:
 <TASK>
 f2fs_write_cache_pages fs/f2fs/data.c:3078 [inline]
 __f2fs_write_data_pages fs/f2fs/data.c:3290 [inline]
 f2fs_write_data_pages+0x1c19/0x3600 fs/f2fs/data.c:3317
 do_writepages+0x38e/0x640 mm/page-writeback.c:2634
 filemap_fdatawrite_wbc mm/filemap.c:386 [inline]
 __filemap_fdatawrite_range mm/filemap.c:419 [inline]
 file_write_and_wait_range+0x2ba/0x3e0 mm/filemap.c:794
 f2fs_do_sync_file+0x6e6/0x1b00 fs/f2fs/file.c:294
 generic_write_sync include/linux/fs.h:3043 [inline]
 f2fs_file_write_iter+0x76e/0x2700 fs/f2fs/file.c:5259
 new_sync_write fs/read_write.c:593 [inline]
 vfs_write+0x7e9/0xe00 fs/read_write.c:686
 ksys_write+0x19d/0x2d0 fs/read_write.c:738
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf7/0x470 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The bug was triggered w/ below race condition:

fsync                               setattr                     ioctl
- f2fs_do_sync_file
 - file_write_and_wait_range
  - f2fs_write_cache_pages
  : inode is non-compressed
  : cc.cluster_size = F2FS_I(inode)->i_cluster_size = 0
   - tag_pages_for_writeback
                                    - f2fs_setattr
                                     - truncate_setsize
                                      - f2fs_truncate
                                                                - f2fs_fileattr_set
                                                                 - f2fs_setflags_common
                                                                  - set_compress_context
                                                                  : F2FS_I(inode)->i_cluster_size = 4
                                                                  : set_inode_flag(inode, FI_COMPRESSED_FILE)
   - f2fs_compressed_file
   : return true
   - f2fs_all_cluster_page_ready
   : "pgidx % cc->cluster_size" trigger dividing 0 issue

Let's change as below to fix this issue:
- introduce a new atomic type variable .writeback in structure f2fs_inode_info to track the number of threads which calling f2fs_write_cache_pages().
- use .i_sem lock to protect .writeback update.
- check .writeback before update compression context in f2fs_setflags_common() to avoid race w/ ->writepages.

References

Affected packages

Azure Linux:3 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.6.121.1-1

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74387.json"