CVE-2025-22127 in Linux
Summary
by MITRE • 04/16/2025
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix potential deadloop in prepare_compress_overwrite()
Jan Prusakowski reported a kernel hang issue as below:
When running xfstests on linux-next kernel (6.14.0-rc3, 6.12) I encountered a problem in generic/475 test where fsstress process gets blocked in __f2fs_write_data_pages() and the test hangs. The options I used are:
MKFS_OPTIONS -- -O compression -O extra_attr -O project_quota -O quota /dev/vdc
MOUNT_OPTIONS -- -o acl,user_xattr -o discard,compress_extension=* /dev/vdc /vdc

INFO: task kworker/u8:0:11 blocked for more than 122 seconds.
      Not tainted 6.14.0-rc3-xfstests-lockdep #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:0 state:D stack:0 pid:11 tgid:11 ppid:2 task_flags:0x4208160 flags:0x00004000
Workqueue: writeback wb_workfn (flush-253:0)
Call Trace:
 __schedule+0x309/0x8e0
 schedule+0x3a/0x100
 schedule_preempt_disabled+0x15/0x30
 __mutex_lock+0x59a/0xdb0
 __f2fs_write_data_pages+0x3ac/0x400
 do_writepages+0xe8/0x290
 __writeback_single_inode+0x5c/0x360
 writeback_sb_inodes+0x22f/0x570
 wb_writeback+0xb0/0x410
 wb_do_writeback+0x47/0x2f0
 wb_workfn+0x5a/0x1c0
 process_one_work+0x223/0x5b0
 worker_thread+0x1d5/0x3c0
 kthread+0xfd/0x230
 ret_from_fork+0x31/0x50
 ret_from_fork_asm+0x1a/0x30
The root cause is: once generic/475 starts to load error table to dm device, f2fs_prepare_compress_overwrite() will loop reading compressed cluster pages due to IO error, meanwhile it has held .writepages lock, it can block all other writeback tasks.
Let's fix this issue w/ below changes:
- add f2fs_handle_page_eio() in prepare_compress_overwrite() to detect IO error.
- detect cp_error earlier in f2fs_read_multi_pages().
Analysis
by VulDB Data Team • 02/15/2026
The vulnerability CVE-2025-22127 affects the Linux kernel's f2fs filesystem implementation and represents a critical deadloop condition that can lead to system hangs. This issue manifests when the f2fs filesystem attempts to handle compressed data pages during write operations, specifically within the prepare_compress_overwrite() function. The root cause stems from a design flaw where the kernel thread becomes indefinitely blocked while attempting to read compressed cluster pages, resulting in a complete system hang that prevents normal system operation. The vulnerability was identified through extensive testing using the xfstests framework, particularly in the generic/475 test case, which involves stress testing with fsstress processes.
The technical flaw occurs when the f2fs filesystem encounters I/O errors while processing compressed data pages during the compression overwrite operation. The prepare_compress_overwrite() function enters an infinite loop attempting to read compressed cluster pages, while simultaneously holding the .writepages lock, which prevents other writeback operations from proceeding. This creates a deadlock condition where the kernel worker thread remains blocked indefinitely, causing the system to become unresponsive. The issue is particularly severe because it affects the core writeback mechanism of the filesystem, blocking all subsequent I/O operations that depend on the same lock mechanism. The system exhibits symptoms of a hung task with the kworker thread stuck in the __f2fs_write_data_pages() function, as evidenced by the detailed kernel stack trace showing the blocking behavior.
The operational impact of this vulnerability extends beyond simple system hangs to potentially compromise system availability and stability. When the kernel enters this deadloop state, all writeback operations are blocked, which can cause applications to hang or crash when attempting to write data to the filesystem. The vulnerability affects systems running Linux kernel versions 6.12 and 6.14 with the f2fs filesystem configured with compression extensions, making it particularly dangerous in production environments where data integrity and system responsiveness are critical. The issue can be triggered through normal filesystem operations involving compressed data, making it difficult to predict and prevent. This vulnerability directly impacts the filesystem's ability to handle I/O errors gracefully and can lead to complete system lockups that require manual intervention or system reboot.
The mitigation strategy for CVE-2025-22127 involves implementing two key changes to the f2fs filesystem codebase. First, the fix introduces the f2fs_handle_page_eio() function within prepare_compress_overwrite() to properly detect and handle I/O errors during compressed page reading operations, preventing the infinite loop condition. Second, the fix implements earlier detection of cp_error conditions within the f2fs_read_multi_pages() function to ensure that I/O errors are handled promptly before they can cause the deadlock scenario. These changes align with the CWE-835 principle of avoiding infinite loops in critical system functions and follow ATT&CK technique T1489, which addresses system network configuration modification and denial of service conditions. The fix ensures that I/O errors are properly propagated and handled without blocking the filesystem's writeback mechanism, thereby maintaining system stability and preventing the conditions that lead to complete system hangs. This remediation addresses the core design flaw that allowed the kernel to become indefinitely blocked while holding critical locks.
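The retry loop and the two changes described above can be modelled in user space. The following is an added example, not kernel code and not part of the original advisory: read_cluster(), handle_page_eio(), prepare_overwrite(), struct fs_model, the retry budget MAX_RETRY_EIO and the SPIN_CAP harness limit are all assumptions of this model.

```c
#include <errno.h>
#include <stdbool.h>

#define MAX_RETRY_EIO 8     /* assumed retry budget for this model */
#define SPIN_CAP 100000L    /* harness cap so the unfixed loop returns */

struct fs_model {
    bool device_failing;    /* error table loaded: reads never complete */
    bool cp_error;          /* filesystem-wide error flag */
    long eio_index;         /* page index of the last failed read */
    int  eio_count;         /* consecutive failures on that index */
    long reads_issued;
};

/* Cluster read; the fixed variant refuses to start once cp_error is set. */
static int read_cluster(struct fs_model *fs, bool fixed)
{
    if (fixed && fs->cp_error)
        return -EIO;
    fs->reads_issued++;
    return 0;               /* submitted; the page may still not be uptodate */
}

/* Count repeated failures on one page and raise cp_error past the budget. */
static void handle_page_eio(struct fs_model *fs, long index)
{
    if (index != fs->eio_index) {
        fs->eio_index = index;
        fs->eio_count = 0;
    } else if (fs->eio_count++ == MAX_RETRY_EIO) {
        fs->cp_error = true;
    }
}

/* 0 = page read, -EIO = error propagated, -ELOOP = would spin forever. */
int prepare_overwrite(struct fs_model *fs, long index, bool fixed)
{
    for (long spins = 0; spins < SPIN_CAP; spins++) {
        int ret = read_cluster(fs, fixed);
        if (ret)
            return ret;     /* caller can now release the writepages lock */
        if (!fs->device_failing)
            return 0;
        if (fixed)
            handle_page_eio(fs, index);
    }
    return -ELOOP;
}
```

With device_failing set and eio_index initialised to -1, prepare_overwrite(&fs, 5, true) returns -EIO after 10 reads, while the unfixed path only stops because it reaches SPIN_CAP.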