CVE-2025-22122: Vulnerability in Linux Linux

High
Published: Wed Apr 16 2025 (04/16/2025, 14:13:06 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

block: fix adding folio to bio

>4GB folio is possible on some ARCHs, such as aarch64, 16GB hugepage is supported, then 'offset' of folio can't be held in 'unsigned int', cause warning in bio_add_folio_nofail() and IO failure.

Fix it by adjusting 'page' & trimming 'offset' so that `->bi_offset` won't be overflow, and folio can be added to bio successfully.

AI-Powered Analysis

Last updated: 07/03/2025, 21:40:37 UTC

Technical Analysis

CVE-2025-22122 is a vulnerability identified in the Linux kernel related to the handling of large memory pages (folios) within block I/O operations. Specifically, the issue arises when adding a folio larger than 4GB to a bio structure on certain architectures such as aarch64, which supports 16GB hugepages. The vulnerability stems from the inability of the 'offset' field in the bio structure, which is an unsigned int, to correctly represent offsets for folios exceeding 4GB. This causes an overflow in the 'bi_offset' field during the bio_add_folio_nofail() function call, leading to warnings and potential I/O failures. The root cause is that the offset cannot be held within the 32-bit unsigned integer, resulting in incorrect memory addressing during block I/O operations. The fix involves adjusting the 'page' pointer and trimming the 'offset' to ensure that 'bi_offset' does not overflow, allowing the folio to be correctly added to the bio structure and preventing I/O errors. This vulnerability affects Linux kernel versions identified by the commit hash ed9832bc08db29874600eb066b74918fe6fc2060 and was published on April 16, 2025. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
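
The truncation and the page/offset adjustment described above can be modelled in user space. The following C program is an added example, not kernel code and not the upstream patch; the struct, the function names and the 4 KiB page size are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MODEL_PAGE_SIZE 4096ULL /* assumption: 4 KiB base pages */

/* Hypothetical stand-in for one bio segment: a page index inside the folio
 * plus a 32-bit byte offset, like the 'unsigned int' offset in the advisory. */
struct model_vec {
    uint64_t page_idx;
    unsigned int offset;
    unsigned int len;
};

/* "Before" model: the 64-bit folio offset is stored directly in the 32-bit
 * field, so any offset of 4 GiB or more silently wraps. */
static struct model_vec add_folio_naive(uint64_t off, unsigned int len)
{
    struct model_vec v = { 0, (unsigned int)off, len };
    return v;
}

/* "After" model: advance the page by the whole pages contained in the
 * offset and keep only the sub-page remainder, which always fits. */
static struct model_vec add_folio_fixed(uint64_t off, unsigned int len)
{
    struct model_vec v = { off / MODEL_PAGE_SIZE,
                           (unsigned int)(off % MODEL_PAGE_SIZE), len };
    return v;
}

/* Byte position inside the folio that a segment actually refers to. */
static uint64_t model_byte_pos(struct model_vec v)
{
    return v.page_idx * MODEL_PAGE_SIZE + v.offset;
}

int main(void)
{
    /* Constructed input: 5 GiB + 512 bytes into a 16 GiB folio. */
    uint64_t off = (5ULL << 30) + 512;
    struct model_vec n = add_folio_naive(off, 4096);
    struct model_vec f = add_folio_fixed(off, 4096);

    printf("requested: %llu\n", (unsigned long long)off);
    printf("naive:     %llu (wrapped)\n", (unsigned long long)model_byte_pos(n));
    printf("fixed:     %llu (page %llu, offset %u)\n",
           (unsigned long long)model_byte_pos(f),
           (unsigned long long)f.page_idx, f.offset);
    return 0;
}
```

With the constructed input, the naive model resolves to a position 4 GiB short of the requested one, while the adjusted model keeps the stored offset below one page for any position in the folio.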

Potential Impact

For European organizations, this vulnerability could lead to serious disruptions in systems running affected Linux kernel versions on architectures supporting large folios, notably aarch64-based servers or devices. The primary impact is on the availability and reliability of block I/O operations, potentially causing I/O failures that could result in data corruption, system crashes, or degraded performance. Organizations relying on large memory pages for performance optimization, such as cloud providers, data centers, and enterprises using ARM-based servers, may experience instability or data loss if the vulnerability is exploited or triggered unintentionally. While there is no evidence of active exploitation, the risk remains that attackers or faulty software could induce I/O failures, impacting critical services and data integrity. Confidentiality impact is minimal as this is primarily an integrity and availability issue. However, the disruption of storage operations can have cascading effects on business continuity and service availability, which are critical for European organizations subject to strict regulatory requirements such as GDPR and the NIS Directive.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should prioritize updating their Linux kernels to versions that include the patch fixing CVE-2025-22122. Since the issue is architecture-specific, organizations using aarch64 or other architectures supporting large folios should verify their kernel versions and apply updates promptly. Additionally, system administrators should audit their systems for usage of hugepages and large folios in block I/O operations and monitor system logs for warnings related to bio_add_folio_nofail() or I/O failures that could indicate attempts to trigger this vulnerability. Testing kernel updates in staging environments before production deployment is recommended to ensure stability. For environments where immediate patching is not feasible, consider disabling or limiting the use of hugepages or large folios in block I/O operations as a temporary workaround. Implementing robust backup and recovery procedures will also help mitigate potential data loss from I/O failures. Finally, maintain vigilance for any emerging exploit reports or advisories related to this CVE.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-12-29T08:45:45.823Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9832c4522896dcbe81b0

Added to database: 5/21/2025, 9:09:06 AM

Last enriched: 7/3/2025, 9:40:37 PM

Last updated: 7/30/2025, 12:22:53 AM
