CVE-2025-23150

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0-rc6-syzkaller-00318-ga9cda7c0ffed

Description A use-after-free issue was detected in the ext4 insert dentry function due to out-of-bounds access caused by incorrect splitting in do split. This issue can lead to out-of-bounds access and subsequent use-after-free when having too many long name files in a single block. The problem was found by the Linux Verification Center with Syzkaller.

Recommendations As a temporary workaround, consider disabling the ext4 insert dentry function until a patch is available. To resolve the issue, update the Linux kernel to a version that includes the fix for the use-after-free issue in ext4 insert dentry.

Exploit

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-193CWE-416

Related Identifiers

ALSA-2025:11298

ALSA-2025:11299

ALSA-2025:9302

BDU:2025-12110

CESA-2025_11298

CESA-2025_11299

CVE-2025-23150

DLA-4178-1

DLA-4193-1

ECHO-8EDE-95CC-77B1

INFSA-2025_11298

INFSA-2025_11299

INFSA-2025_9302

OESA-2025-1541

OESA-2025-2765

OESA-2025-2766

OESA-2025-2767

RHSA-2025:11245

RHSA-2025:11298

RHSA-2025:11299

RHSA-2025:11571

RHSA-2025:11572

RHSA-2025:12525

RHSA-2025:12526

RHSA-2025:13061

RHSA-2025:13776

RHSA-2025:13805

RHSA-2025:14746

RHSA-2025:14748

RHSA-2025:9302

RHSA-2025:9348

RHSA-2025_11298

RHSA-2025_11299

RHSA-2025_9302

SUSE-SU-2025:01919-1

SUSE-SU-2025:01951-1

SUSE-SU-2025:01964-1

SUSE-SU-2025:01965-1

SUSE-SU-2025:01967-1

SUSE-SU-2025:01972-1

SUSE-SU-2025:01983-1

SUSE-SU-2025:02000-1

SUSE-SU-2025:20408-1

SUSE-SU-2025:20413-1

SUSE-SU-2025:20419-1

SUSE-SU-2025:20421-1

SUSE-SU-2025_01951-1

SUSE-SU-2025_01964-1

SUSE-SU-2025_01965-1

SUSE-SU-2025_01967-1

SUSE-SU-2025_01972-1

SUSE-SU-2025_01983-1

SUSE-SU-2025_02000-1

USN-7594-1

USN-7594-2

USN-7594-3

USN-7654-1

USN-7654-2

USN-7654-3

USN-7654-4

USN-7654-5

USN-7655-1

USN-7686-1

USN-7711-1

USN-7712-1

USN-7712-2

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Almalinux

Astra Linux

Centos

Debian

Linuxmint

Linux Kernel

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

CVE-2025-23150

Weakness Enumeration

Related Identifiers

Affected Products

References · 3308