PT-2025-18455 · Linux+2 · Linux Kernel+2

Published: 2025-04-11 · Updated: 2025-07-08 · CVE-2025-37774

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.15.0-rc1-ktest-g189e17946605 #19327

Description

A vulnerability in the Linux kernel that caused crashes while running buffered I/O tests, with alloc_tagging_slab_alloc_hook() at the top of the crash call stack, has been resolved. The issue was due to the low bits of slab->obj_exts being set outside of the range used by page_memcg_data_flags and objext_flags, resulting in an invalid address dereference. The typical crash log indicates a kernel NULL pointer dereference at a virtual address. The vulnerability was likely caused by not initializing the slab->obj_exts field during slab page allocation.

Recommendations

For Linux kernel versions prior to 6.15.0-rc1-ktest-g189e17946605 #19327, ensure that slab->obj_exts is clear in a newly allocated slab page by initializing it during slab page allocation. As a temporary workaround, consider disabling the alloc_tagging_slab_alloc_hook() function until a patch is available. Restrict access to the vulnerable bch2_folio_create() and bch2_readahead() functions to minimize the risk of exploitation. Avoid using the slab->obj_exts variable in the affected API endpoints until the issue is resolved.

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2025-12157
CVE-2025-37774
USN-7594-1
USN-7594-2
USN-7594-3

Affected Products

Astra Linux
Linux Kernel
Ubuntu