CVE-2025-37999

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been identified, related to the erofs file system. The issue arises when bio add folio() fails due to being full, and erofs fileio scan folio() retries the call after allocating a new I/O request. However, this leads to erofs onlinefolio split() being called twice without a corresponding erofs onlinefolio end() call, causing the folio to be locked forever and waiters to be stuck in folio wait bit common(). This bug was introduced by a commit and made more easily triggerable by another commit that reduced the array capacity. The issue can be triggered by manually invoking readahead from userspace.

Recommendations To resolve the issue, invoke erofs onlinefolio split() only after bio add folio() has succeeded. This ensures that asynchronous completions invoking erofs onlinefolio end() will not unlock the folio because erofs fileio scan folio() is still holding a reference to be released by erofs onlinefolio end() at the end. At the moment, there is no information about a newer version that contains a fix for this vulnerability.