PT-2025-51674 · Linux+4 · Linux Kernel+4

Published

2025-11-26

·

Updated

2026-05-26

·

CVE-2025-68261

CVSS v2.0

4.6

Medium

VectorAV:L/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains a flaw in the ext4 filesystem implementation. Specifically, a race condition exists between inline data destruction and block mapping within the ext4 destroy inline data nolock() function. This occurs when the function modifies inode data layout while another thread is executing ext4 map blocks(), potentially leading to an assertion failure and a kernel bug. The issue arises from a lack of i data sem protection, allowing ext4 ind map blocks() to receive an inode with the EXT4 INODE EXTENTS flag set, triggering the assertion. The vulnerability can be triggered during file operations such as sendfile.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Weakness Enumeration

CWE-120

Related Identifiers

AZL-72469
BDU:2026-01349
CVE-2025-68261
ECHO-1CF8-F780-EB0A
OESA-2026-1759
OESA-2026-1760
OESA-2026-1761
OPENSUSE-SU-2025:15836-1
OPENSUSE-SU-2026:10301-1
OPENSUSE-SU-2026:20287-1
SUSE-SU-2026:0447-1
SUSE-SU-2026:0472-1
SUSE-SU-2026:0473-1
SUSE-SU-2026:0587-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20555-1
SUSE-SU-2026:20599-1
SUSE-SU-2026:20615-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8094-1
USN-8094-2
USN-8094-3
USN-8094-4
USN-8094-5
USN-8096-1
USN-8096-2
USN-8096-3
USN-8096-4
USN-8096-5
USN-8116-1
USN-8141-1
USN-8152-1
USN-8163-1
USN-8163-2
USN-8179-1
USN-8179-2
USN-8179-3
USN-8179-4
USN-8184-1
USN-8185-1
USN-8185-2
USN-8203-1
USN-8204-1
USN-8243-1
USN-8258-1
USN-8260-1
USN-8261-1
USN-8265-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu
Ext4