CVE-2025-71237

EUVD-2025-207661

18.02.2026, 16:22

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: Fix potential block overflow that cause system hang

When a user executes the FITRIM command, an underflow can occur when
calculating nblocks if end_block is too small. Since nblocks is of
type sector_t, which is u64, a negative nblocks value will become a
very large positive integer. This ultimately leads to the block layer
function __blkdev_issue_discard() taking an excessively long time to
process the bio chain, and the ns_segctor_sem lock remains held for a
long period. This prevents other tasks from acquiring the ns_segctor_sem
lock, resulting in the hang reported by syzbot in [1].

If the ending block is too small, typically if it is smaller than 4KiB
range, depending on the usage of the segment 0, it may be possible to
attempt a discard request beyond the device size causing the hang.

Exiting successfully and assign the discarded size (0 in this case)
to range->len.

Although the start and len values in the user input range are too small,
a conservative strategy is adopted here to safely ignore them, which is
equivalent to a no-op; it will not perform any trimming and will not
throw an error.

[1]
task:segctord state:D stack:28968 pid:6093 tgid:6093  ppid:2 task_flags:0x200040 flags:0x00080000
Call Trace:
 rwbase_write_lock+0x3dd/0x750 kernel/locking/rwbase_rt.c:272
 nilfs_transaction_lock+0x253/0x4c0 fs/nilfs2/segment.c:357
 nilfs_segctor_thread_construct fs/nilfs2/segment.c:2569 [inline]
 nilfs_segctor_thread+0x6ec/0xe00 fs/nilfs2/segment.c:2684

[ryusuke: corrected part of the commit message about the consequences]

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	3.15 ≤ 𝑥 < 5.10.251
linux	linux_kernel	5.11 ≤ 𝑥 < 5.15.201
linux	linux_kernel	5.16 ≤ 𝑥 < 6.1.164
linux	linux_kernel	6.2 ≤ 𝑥 < 6.6.125
linux	linux_kernel	6.7 ≤ 𝑥 < 6.12.72
linux	linux_kernel	6.13 ≤ 𝑥 < 6.18.11
linux	linux_kernel	6.19 ≤ 𝑥 < 6.19.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	vulnerable
bookworm (security)	6.1.164-1 fixed
bullseye	vulnerable
bullseye (security)	5.10.251-1 fixed
forky	6.19.10-1 fixed
sid	6.19.11-1 fixed
trixie	6.12.73-1 fixed
trixie (security)	6.12.74-2 fixed

linux-6.1

bullseye (security)

6.1.164-1~deb11u1

fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, die möglicherweise zu einer Denial-of-Service- Bedingung führen oder eine Speicherbeschädigung verursachen können.
Published: 2026-02-18T23:00:00+00:00

References

https://git.kernel.org/stable/c/2438982f635e6cc2009be68ba2efb2998727d8d4

https://git.kernel.org/stable/c/4aa45f841413cca81882602b4042c53502f34cad

https://git.kernel.org/stable/c/6457d3ee41a4c15082ac49c5aa7fb933b4a043f3

https://git.kernel.org/stable/c/b8c5ee234bd54f1447c846101fdaef2cf70c2149

https://git.kernel.org/stable/c/ba18e5f22f26aa4ef78bc3e81f639d1d4f3845e6

https://git.kernel.org/stable/c/df1e20796c9f3d541cca47fb72e4369ea135642d

https://git.kernel.org/stable/c/ea2278657ad0d62596589fbe2caf995e189e65e7

https://git.kernel.org/stable/c/ed527ef0c264e4bed6c7b2a158ddf516b17f5f66