CVE-2025-37925: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:
jfs: reject on-disk inodes of an unsupported type
Syzbot has reported the following BUG:
kernel BUG at fs/inode.c:668!
This happens when 'clear_inode()' makes an attempt to finalize an underlying JFS inode of unknown type. According to JFS layout description from https://jfs.sourceforge.net/project/pub/jfslayout.pdf, inode types from 5 to 15 are reserved for future extensions and should not be encountered on a valid filesystem. So add an extra check for valid inode type in 'copy_from_dinode()'.
AI Analysis
Technical Summary
CVE-2025-37925 is a vulnerability in the Linux kernel's Journaled File System (JFS) implementation. The issue arises when the kernel function clear_inode() attempts to finalize an underlying JFS inode of an unsupported or unknown type. According to the JFS filesystem layout specification, inode types 5 to 15 are reserved for future extensions and should not appear on a valid filesystem. The kernel did not validate the inode type in copy_from_dinode(), so such an inode could be loaded from disk and later hit a kernel BUG, reported as an invalid opcode exception, in clear_inode(). The Syzbot report shows the resulting kernel oops. The root cause is the missing check to reject on-disk inodes of unsupported types.
The vulnerability affects Linux kernel versions prior to the patch that adds the inode type validation to the JFS code path. Triggering it requires a malicious or corrupted JFS filesystem image containing unsupported inode types, which, when mounted or accessed, causes the kernel panic. There is no indication of known exploits in the wild at this time. The vulnerability does not require user interaction but does require kernel-level access to mount or interact with the affected filesystem. The impact is primarily a denial of service (DoS) condition due to kernel crashes, potentially affecting system availability and stability.
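The load-time check described above, as an added user-space illustration (not the kernel patch and not code from this page): the on-disk type is validated against an allowlist before the in-memory inode is populated, so an unknown type is rejected at read time instead of surfacing later at teardown. All demo_ names and the sample bytes are hypothetical; the example assumes the type sits in the POSIX file-type bits of the low 16 bits of a little-endian mode word and does not reproduce the layout document's own type numbering.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* POSIX file-type encodings, defined locally so the demo has no kernel deps. */
#define DEMO_IFMT   0170000u
#define DEMO_IFIFO  0010000u
#define DEMO_IFCHR  0020000u
#define DEMO_IFDIR  0040000u
#define DEMO_IFBLK  0060000u
#define DEMO_IFREG  0100000u
#define DEMO_IFLNK  0120000u
#define DEMO_IFSOCK 0140000u

struct demo_dinode { uint8_t di_mode[4]; };  /* constructed: LE mode word only */
struct demo_inode  { uint32_t i_mode; };     /* constructed in-memory inode */

/* Decode a little-endian 32-bit field regardless of host byte order. */
uint32_t demo_le32(const uint8_t b[4])
{
    return b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* Allowlist: only file types the in-memory layer knows how to tear down. */
int demo_type_supported(uint32_t mode)
{
    switch (mode & DEMO_IFMT) {
    case DEMO_IFIFO: case DEMO_IFCHR: case DEMO_IFDIR: case DEMO_IFBLK:
    case DEMO_IFREG: case DEMO_IFLNK: case DEMO_IFSOCK:
        return 1;
    default:
        return 0;  /* unknown type: treat the image as corrupt */
    }
}

/* Validate at load time; on rejection the in-memory inode is left untouched. */
int demo_copy_from_dinode(const struct demo_dinode *dip, struct demo_inode *ip)
{
    uint32_t mode = demo_le32(dip->di_mode) & 0xffffu;  /* assumed: low 16 bits */

    if (!demo_type_supported(mode))
        return -EINVAL;
    ip->i_mode = mode;
    return 0;
}

int main(void)
{
    struct demo_dinode bad = { { 0xa4, 0x51, 0x00, 0x00 } };  /* constructed */
    struct demo_inode ip = { 0 };

    printf("load -> %d\n", demo_copy_from_dinode(&bad, &ip));
    return 0;
}
```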
Potential Impact
For European organizations, this vulnerability poses a risk mainly to systems running Linux kernels with JFS filesystems, which, while less common than ext4 or XFS, are still used in certain legacy or specialized environments. The primary impact is denial of service through kernel crashes, which can disrupt critical services, especially in infrastructure, hosting providers, or embedded systems relying on Linux. Organizations using JFS for storage or archival purposes could face system instability or downtime if exposed to crafted or corrupted filesystem images. Although no remote code execution or privilege escalation is indicated, the DoS impact can affect availability of servers, network appliances, or industrial control systems running vulnerable kernels. European enterprises with strict uptime requirements, such as financial institutions, telecommunications, or public sector entities, may experience operational disruptions. Additionally, forensic or incident response teams could be hindered if kernel crashes occur during investigation of compromised filesystems. The lack of known exploits reduces immediate risk, but the vulnerability should be addressed promptly to prevent potential exploitation or accidental crashes from corrupted media.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Apply the latest Linux kernel patches that include the fix for CVE-2025-37925, ensuring the kernel rejects unsupported JFS inode types.
2) Audit and identify systems using JFS filesystems and consider migrating critical data to more widely supported and actively maintained filesystems like ext4 or XFS to reduce exposure.
3) Implement strict controls on mounting external or untrusted JFS filesystems, including scanning and validation of filesystem images before use.
4) Employ kernel hardening and monitoring tools to detect abnormal kernel oops or crashes indicative of exploitation attempts.
5) For environments where JFS usage is unavoidable, consider deploying kernel crash dump analysis and rapid recovery mechanisms to minimize downtime.
6) Maintain updated backups and disaster recovery plans to restore systems affected by potential DoS conditions.
7) Limit kernel-level access to trusted administrators and enforce strict access controls to reduce risk of malicious filesystem insertion.
These steps go beyond generic advice by focusing on filesystem-specific controls, patch management, and operational procedures tailored to the nature of this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-04-16T04:51:23.969Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9832c4522896dcbe84b3
Added to database: 5/21/2025, 9:09:06 AM
Last enriched: 7/4/2025, 1:42:16 AM
Last updated: 8/7/2025, 7:30:53 PM