CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-37950: ocfs2: fix panic in failed foilio allocation

Description

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: fix panic in failed foilio allocation

commit 7e119cff9d0a ("ocfs2: convert w_pages to w_folios") and commit
9a5e08652dc4b ("ocfs2: use an array of folios instead of an array of
pages") save -ENOMEM in the folio array upon allocation failure and call
the folio array free code.

The folio array free code expects either valid folio pointers or NULL.
Finding the -ENOMEM will result in a panic. Fix by NULLing the error
folio entry.

Classification

CVE ID: CVE-2025-37950

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 4.92% (scored less or equal to compared to others)

EPSS Date: 2025-06-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-37950
https://git.kernel.org/stable/c/80d18f060d5bdf2c5eb3d1d00dcb744d6a879222
https://git.kernel.org/stable/c/31d4cd4eb2f8d9b87ebfa6a5e443a59e3b3d7b8c

Timeline

2025-05-20 17:40:22 UTC
CVE

ocfs2: fix panic in failed foilio allocation