CVE-2025-37925

Source
https://cve.org/CVERecord?id=CVE-2025-37925
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37925.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-37925
Published
2025-04-18T07:01:29.491Z
Modified
2026-05-18T05:56:17.883230727Z
Summary
jfs: reject on-disk inodes of an unsupported type
Details

In the Linux kernel, the following vulnerability has been resolved:

jfs: reject on-disk inodes of an unsupported type

Syzbot has reported the following BUG:

kernel BUG at fs/inode.c:668!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 3 UID: 0 PID: 139 Comm: jfsCommit Not tainted 6.12.0-rc4-syzkaller-00085-g4e46774408d9 #0
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014
RIP: 0010:clear_inode+0x168/0x190
Code: 4c 89 f7 e8 ba fe e5 ff e9 61 ff ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 7c c1 4c 89 f7 e8 90 ff e5 ff eb b7 0b e8 01 5d 7f ff 90 0f 0b e8 f9 5c 7f ff 90 0f 0b e8 f1 5c 7f
RSP: 0018:ffffc900027dfae8 EFLAGS: 00010093
RAX: ffffffff82157a87 RBX: 0000000000000001 RCX: ffff888104d4b980
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc900027dfc90 R08: ffffffff82157977 R09: fffff520004fbf38
R10: dffffc0000000000 R11: fffff520004fbf38 R12: dffffc0000000000
R13: ffff88811315bc00 R14: ffff88811315bda8 R15: ffff88811315bb80
FS: 0000000000000000(0000) GS:ffff888135f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005565222e0578 CR3: 0000000026ef0000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 ? __die_body+0x5f/0xb0
 ? die+0x9e/0xc0
 ? do_trap+0x15a/0x3a0
 ? clear_inode+0x168/0x190
 ? do_error_trap+0x1dc/0x2c0
 ? clear_inode+0x168/0x190
 ? __pfx_do_error_trap+0x10/0x10
 ? report_bug+0x3cd/0x500
 ? handle_invalid_op+0x34/0x40
 ? clear_inode+0x168/0x190
 ? exc_invalid_op+0x38/0x50
 ? asm_exc_invalid_op+0x1a/0x20
 ? clear_inode+0x57/0x190
 ? clear_inode+0x167/0x190
 ? clear_inode+0x168/0x190
 ? clear_inode+0x167/0x190
 jfs_evict_inode+0xb5/0x440
 ? __pfx_jfs_evict_inode+0x10/0x10
 evict+0x4ea/0x9b0
 ? __pfx_evict+0x10/0x10
 ? iput+0x713/0xa50
 txUpdateMap+0x931/0xb10
 ? __pfx_txUpdateMap+0x10/0x10
 jfs_lazycommit+0x49a/0xb80
 ? _raw_spin_unlock_irqrestore+0x8f/0x140
 ? lockdep_hardirqs_on+0x99/0x150
 ? __pfx_jfs_lazycommit+0x10/0x10
 ? __pfx_default_wake_function+0x10/0x10
 ? __kthread_parkme+0x169/0x1d0
 ? __pfx_jfs_lazycommit+0x10/0x10
 kthread+0x2f2/0x390
 ? __pfx_jfs_lazycommit+0x10/0x10
 ? __pfx_kthread+0x10/0x10
 ret_from_fork+0x4d/0x80
 ? __pfx_kthread+0x10/0x10
 ret_from_fork_asm+0x1a/0x30
 </TASK>

This happens when 'clear_inode()' makes an attempt to finalize an underlying JFS inode of unknown type. According to JFS layout description from https://jfs.sourceforge.net/project/pub/jfslayout.pdf, inode types from 5 to 15 are reserved for future extensions and should not be encountered on a valid filesystem. So add an extra check for valid inode type in 'copy_from_dinode()'.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37925.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
79ac5a46c5c1c17476fbf84b4d4600d6d565defd
Fixed
fa6ce4a9cc9fcc8150b80db6f65186c0ed2b3143
Fixed
afc08b0b5587b553799bc375957706936a3e0088
Fixed
45fd8421081ec79e661e5f3ead2934fdbddb4287
Fixed
28419a4f3a1eeee33472a1b3856ae62aaa5a649b
Fixed
8987891c4653874d5e3f5d11f063912f4e0b58eb
Fixed
8c3f9a70d2d4dd6c640afe294b05c6a0a45434d9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37925.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
5.15.190
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.148
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.101
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.41
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.14.2

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37925.json"