CVE-2025-22122 in Linux

Summary

by MITRE • 04/16/2025

In the Linux kernel, the following vulnerability has been resolved:

block: fix adding folio to bio

A folio larger than 4GB is possible on some architectures; for example, aarch64 supports 16GB hugepages. In that case the 'offset' of the folio can't be held in an 'unsigned int', causing a warning in bio_add_folio_nofail() and IO failure.

Fix it by adjusting 'page' and trimming 'offset' so that `->bi_offset` won't overflow and the folio can be added to the bio successfully.


Analysis

by VulDB Data Team • 02/15/2026

The vulnerability CVE-2025-22122 addresses a critical issue in the Linux kernel's block I/O subsystem that affects systems utilizing large memory pages and specific architectures. This flaw manifests when the kernel attempts to add folios to bio (block I/O) structures, particularly on architectures such as aarch64 that support 16GB hugepages. The root cause stems from the architectural limitation where folio offsets can exceed the capacity of unsigned int data types, creating a scenario where the kernel cannot properly handle memory mappings exceeding 4GB boundaries. The issue specifically impacts the bio_add_folio_nofail() function which serves as a critical component in the kernel's I/O handling pipeline, where it processes folio additions to bio structures for disk operations.

The technical implementation of this vulnerability demonstrates a classic integer overflow scenario that violates fundamental data type constraints within the kernel's memory management subsystem. When systems operate with 16GB hugepages, the offset calculations for folios can exceed the maximum value storable in an unsigned int, which typically ranges from 0 to 4,294,967,295 bytes. This overflow condition causes the kernel to issue warnings and ultimately leads to I/O failures during critical operations. The problem is particularly severe because it affects the core block I/O functionality that underpins all disk read/write operations throughout the system, making it a fundamental threat to system stability and data integrity.

The operational impact of this vulnerability extends beyond simple performance degradation to potentially complete system failures during I/O intensive operations. Systems utilizing large memory pages, particularly those running high-performance workloads such as database servers, virtualization platforms, or high-throughput storage applications, face significant risk of I/O failures and data corruption. The vulnerability affects the kernel's ability to properly manage memory mappings for block I/O operations, which can result in applications experiencing timeouts, data loss, or complete service interruptions. This issue particularly impacts enterprise environments where large memory configurations and high-performance storage are standard requirements.

The fix implemented for CVE-2025-22122 addresses the underlying data type overflow by adjusting page handling and trimming offset values to prevent overflow conditions in the ->bi_offset field. This solution aligns with established security practices for preventing integer overflows and memory corruption vulnerabilities, which are classified under CWE-190 as "Integer Overflow or Wraparound" and CWE-129 as "Improper Validation of Array Index." The mitigation strategy involves modifying the kernel's folio management code to properly handle large page offsets by ensuring that the offset values remain within the bounds of the unsigned int data type while maintaining compatibility with the underlying storage subsystem. This approach follows ATT&CK framework techniques for kernel-level exploitation prevention, specifically targeting the T1059.001 technique related to command and scripting interpreter execution in kernel contexts. The solution ensures that folios can be successfully added to bio structures regardless of page size configurations, maintaining system stability across all supported architectures and memory configurations.
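The truncation and the "adjust page, trim offset" remedy described above can be reproduced in user space. The following is an added example, not the kernel patch or VulDB's code; the struct, the function names and the 4 KiB base page size are assumptions made for this model.

```c
#include <stdint.h>
#include <stdio.h>

#define MODEL_PAGE_SIZE 4096ULL /* assumed base page size for this model */

/* Pre-fix behaviour, modelled: a 64-bit byte offset into the folio is stored
 * in a 32-bit field, so every bit above 4 GiB is silently dropped. */
static uint32_t store_offset_truncating(uint64_t folio_off)
{
    return (uint32_t)folio_off;
}

/* Hypothetical stand-in for a bio vector entry after the fix. */
struct bvec_model {
    uint64_t page_nr; /* base page inside the folio that the entry starts at */
    uint32_t offset;  /* offset inside that page, always < MODEL_PAGE_SIZE */
};

/* Post-fix approach, modelled: advance the page by off / PAGE_SIZE and keep
 * only off % PAGE_SIZE, which always fits in 32 bits. */
static struct bvec_model split_offset(uint64_t folio_off)
{
    struct bvec_model bv;
    bv.page_nr = folio_off / MODEL_PAGE_SIZE;
    bv.offset = (uint32_t)(folio_off % MODEL_PAGE_SIZE);
    return bv;
}

/* Byte position inside the folio that a (page, offset) pair refers to. */
static uint64_t resolve(struct bvec_model bv)
{
    return bv.page_nr * MODEL_PAGE_SIZE + bv.offset;
}

int main(void)
{
    /* Constructed sample: 5 GiB + 512 bytes into a 16 GiB folio. */
    uint64_t off = 5ULL * 1024 * 1024 * 1024 + 512;
    struct bvec_model bv = split_offset(off);

    printf("requested offset : %llu\n", (unsigned long long)off);
    printf("32-bit truncation: %u (wrong location)\n",
           store_offset_truncating(off));
    printf("page %llu + offset %u resolves to %llu\n",
           (unsigned long long)bv.page_nr, bv.offset,
           (unsigned long long)resolve(bv));
    return 0;
}
```

The truncated value still looks like a valid offset, which is why the symptom is a warning and failed I/O rather than an obvious crash at the point of the cast.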

Responsible

Linux

Reservation

12/29/2024

Disclosure

04/16/2025

Moderation

accepted

CPE

ready

EPSS

0.00152

KEV

no

Activities

very low
