CVE-2025-22072: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

spufs: fix gang directory lifetimes

Prior to "[POWERPC] spufs: Fix gang destroy leaks" we used to have a problem with gang lifetimes - creation of a gang returns opened gang directory, which normally gets removed when that gets closed, but if somebody has created a context belonging to that gang and kept it alive until the gang got closed, removal failed and we ended up with a leak.

Unfortunately, it had been fixed the wrong way. Dentry of gang directory was no longer pinned, and rmdir on close was gone. One problem was that failure of open kept calling simple_rmdir() as cleanup, which meant an unbalanced dput(). Another bug was in the success case - gang creation incremented link count on root directory, but that was no longer undone when gang got destroyed.

Fix consists of
* reverting the commit in question
* adding a counter to gang, protected by ->i_rwsem of gang directory inode.
* having it set to 1 at creation time, dropped in both spufs_dir_close() and spufs_gang_close() and bumped in spufs_create_context(), provided that it's not 0.
* using simple_recursive_removal() to take the gang directory out when counter reaches zero.
AI Analysis
Technical Summary
CVE-2025-22072 is a vulnerability identified in the Linux kernel specifically related to the spufs (special purpose file system) implementation on POWERPC architectures. The issue arises from improper management of gang directory lifetimes within the spufs subsystem. Originally, the creation of a gang returned an opened gang directory, which should be removed when closed. However, if a context associated with that gang remained alive after the gang was closed, the removal operation failed, causing a resource leak. An attempted fix inadvertently introduced further issues: the gang directory's dentry was no longer pinned, and the removal on close (rmdir) was disabled. This led to unbalanced reference counts and link counts on the root directory inode, resulting in potential resource leaks and inconsistent filesystem state. The final fix reverts the problematic commit and introduces a reference counter protected by a read-write semaphore on the gang directory inode. This counter is initialized at creation, incremented when contexts are created, and decremented upon closure of contexts or the gang itself. When the counter reaches zero, a recursive removal of the gang directory is triggered, ensuring proper cleanup. This vulnerability is rooted in kernel resource management and does not appear to directly allow code execution or privilege escalation but can cause resource leaks and filesystem inconsistencies that may degrade system stability or availability over time. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
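The counter rule described above, as an added userspace model that is not the kernel patch or any code from this page. The struct, the gang_* function names and the mutex standing in for ->i_rwsem are assumptions made for illustration.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model of the counter rule; hypothetical names, not kernel code. */
struct gang_model {
    pthread_mutex_t lock; /* stands in for ->i_rwsem of the gang directory inode */
    int alive;            /* the counter the fix adds to the gang */
    bool dir_present;     /* false once the gang directory has been removed */
};

void gang_create(struct gang_model *g)
{
    pthread_mutex_init(&g->lock, NULL);
    g->alive = 1; /* set to 1 at creation: held by the opened gang directory */
    g->dir_present = true;
}

/* The bump in spufs_create_context(): refused once the counter is 0. */
bool gang_get_for_context(struct gang_model *g)
{
    pthread_mutex_lock(&g->lock);
    bool ok = g->alive > 0;
    if (ok)
        g->alive++;
    pthread_mutex_unlock(&g->lock);
    return ok;
}

/* The drop in spufs_dir_close() and spufs_gang_close(). */
bool gang_put(struct gang_model *g)
{
    pthread_mutex_lock(&g->lock);
    bool last = g->alive > 0 && --g->alive == 0;
    if (last)
        g->dir_present = false; /* kernel: simple_recursive_removal() */
    pthread_mutex_unlock(&g->lock);
    return last;
}

int main(void)
{
    struct gang_model g;
    gang_create(&g);
    gang_get_for_context(&g); /* context created while gang is open */
    printf("gang close removes dir: %d\n", gang_put(&g));
    printf("context close removes dir: %d\n", gang_put(&g));
    printf("context on dead gang allowed: %d\n", gang_get_for_context(&g));
    return 0;
}
```

The "provided that it's not 0" condition is what keeps a new context from attaching to a gang whose directory has already been taken out; whichever close happens last performs the removal.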
Potential Impact
For European organizations, the impact of CVE-2025-22072 primarily concerns system stability and availability rather than direct compromise of confidentiality or integrity. Systems running affected Linux kernel versions on POWERPC architectures, particularly those utilizing the spufs filesystem, may experience resource leaks leading to degraded performance or denial of service conditions if gang directories are not properly cleaned up. This can affect critical infrastructure, servers, or embedded systems relying on POWERPC Linux kernels, potentially causing unexpected downtime or increased maintenance overhead. While the vulnerability does not currently have known exploits, persistent resource leaks can be exploited by attackers to cause denial of service or to create conditions favorable for further attacks. Organizations with POWERPC-based Linux deployments in sectors such as telecommunications, industrial control systems, or research computing should be particularly vigilant. The lack of a direct privilege escalation vector reduces the risk of immediate compromise, but the operational impact on availability can be significant in high-availability environments.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions that include the fix for CVE-2025-22072 as soon as patches become available. Given the complexity of the fix involving inode reference counting and semaphore protection, relying on vendor-supplied kernel updates is recommended rather than attempting manual patching. System administrators should audit their environments to identify POWERPC-based Linux systems using spufs and monitor for unusual resource usage or filesystem anomalies that could indicate leakage. Implementing proactive monitoring of inode and dentry reference counts, if supported by kernel debugging tools, can help detect early signs of the issue. Additionally, organizations should ensure robust system restart and cleanup procedures to mitigate lingering resource leaks. For embedded or specialized systems where kernel updates are delayed, consider isolating affected systems from critical networks to reduce risk exposure. Finally, maintain regular backups and system snapshots to facilitate recovery in case of instability caused by this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-12-29T08:45:45.814Z
- CISA Enriched: false
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9831c4522896dcbe7fe6
Added to database: 5/21/2025, 9:09:05 AM
Last enriched: 7/3/2025, 8:55:55 PM
Last updated: 7/31/2025, 2:52:26 AM