PT-2025-18422 · Linux+6 · Linux Kernel+6
Published 2025-02-20 · Updated 2026-05-26
CVE-2025-37741
CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.12.0-rc7
Description
A deadlock vulnerability has been identified in the Linux kernel, specifically in the jfs file system. The issue arises when the ioctl$LOOP_SET_STATUS64 function is called with an offset value of 4, which does not match the mounted loop device, causing the device's mapping to be invalidated. This can lead to a deadlock when the diFree function is called. The vulnerability is caused by the corruption of metapage data when reading the fixed disk inode (AIT) in raw mode, resulting in a nlink value of 0 being assigned to the iag inode. To avoid this, the nlink value of the dinode should be checked before setting the iag inode.
Recommendations
To resolve this issue, update the Linux kernel to a version later than 6.12.0-rc7. As a temporary workaround, consider disabling the diFree function until a patch is available. Additionally, restrict access to the jfs_imap.c module to minimize the risk of exploitation. Avoid using the ioctl$LOOP_SET_STATUS64 function with an offset value of 4 until the issue is resolved.
Exploit
Fix
DoS
Improper Locking
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu