CVE-2025-68264

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw related to inline data handling within the ext4 filesystem. A stale cached value for i inline size can occur due to concurrent xattr operations, leading to a potential crash when writing inline data. Specifically, the ext4 update inline data() and ext4 create inline data() functions may operate with an outdated i inline size value, triggering a BUG ON() condition in ext4 write inline data(). The issue arises from a race condition where the inline size is modified by another thread after an initial size check but before the xattr lock is acquired. This can result in an attempt to write more data than the available inline space, causing the kernel to crash. The fix involves recalculating i inline size immediately after acquiring the xattr sem to ensure current, protected values are used.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.