CVE-2025-71201

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the netfs component related to the handling of read requests and folio unlocking. Specifically, the issue arises when collecting read results for buffered reads, potentially leading to an early unlock of a page containing the end of file (EOF). This can occur when the collected file position is ahead of the completion of subrequests. The problem stems from unlocking a folio at the EOF position before a subsequent 'ZERO' subrequest has completed, potentially exposing uncleared tail data to applications using mmap. The issue is most reliably reproducible with 9P, due to its synchronous READ operation, but can also occur in other file systems under certain conditions. A test case involves creating a file not aligned to a page boundary and performing mmap, madvise, and mread operations.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.