PT-2025-39136 · Linux+1 · Linux Kernel+1

Published 2025-08-27 · Updated 2025-09-23 · CVE-2025-39879

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.15.10-cm4all1-es

Description

The Linux kernel contains a flaw in the folio batch handling of the Ceph subsystem. The function ceph_shift_unused_folios_left() is not consistently called after ceph_process_folio_batch(), which can crash the kernel. ceph_process_folio_batch() sets folio batch entries to NULL, which is an illegal state for a folio batch. Because the call to ceph_shift_unused_folios_left() is missing, these NULL entries are not removed before folio_batch_release() runs, and the result is a NULL pointer dereference. The issue arises from changes introduced by commits ce80b76dd327 and 1551ec61dc55, which altered the timing and conditions for calling ceph_shift_unused_folios_left(). A crash can be triggered by modifying the return value of ceph_check_page_before_write() to -E2BIG. The crash is more reliably reproducible when huge_zero_folio has been allocated.

Recommendations

Update to Linux kernel version 6.15.10-cm4all1-es or later.
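The invariant from the Description, shown as an added userspace model in C (not kernel code and not part of the original advisory): a batch whose consumed entries were set to NULL must be compacted before it is released. The struct, the function names and the input values are hypothetical stand-ins for the kernel's folio batch and Ceph helpers.

```c
/* Userspace model, not kernel code: struct batch and all functions here
 * are hypothetical stand-ins; the input in run_case() is constructed. */
#include <stdio.h>

struct batch { unsigned nr; int *slot[8]; };

/* Consume entries until one is rejected (modelled as a negative value,
 * like an early -E2BIG). Consumed slots become NULL: holes in the array. */
static void process_batch(struct batch *b)
{
	for (unsigned i = 0; i < b->nr && *b->slot[i] >= 0; i++)
		b->slot[i] = NULL;
}

/* Compact: move surviving entries to the front and shrink nr. */
static void shift_unused_left(struct batch *b)
{
	unsigned j = 0;
	for (unsigned i = 0; i < b->nr; i++)
		if (b->slot[i])
			b->slot[j++] = b->slot[i];
	b->nr = j;
}

/* Release walks every entry in [0, nr). Returns -1 at the point where
 * real release code would dereference NULL, else the count released. */
static int release_batch(struct batch *b)
{
	int released = 0;
	for (unsigned i = 0; i < b->nr; i++, released++)
		if (!b->slot[i])
			return -1;
	b->nr = 0;
	return released;
}

/* compact == 0 models the skipped call, compact == 1 the fixed path. */
int run_case(int compact)
{
	int v[4] = { 1, 2, -1, 3 };
	struct batch b = { 4, { &v[0], &v[1], &v[2], &v[3] } };
	process_batch(&b);
	if (compact)
		shift_unused_left(&b);
	return release_batch(&b);
}

int main(void) { printf("skipped: %d, fixed: %d\n", run_case(0), run_case(1)); return 0; }
```

In the model the first two entries are consumed and the third is rejected, so the skipped-call path reaches release with NULL in slot 0, while the compacted path releases the two remaining entries.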


NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2025-13899
CVE-2025-39879

Affected Products

Astra Linux
Linux Kernel