CVE-2025-39731
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-07

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: f2fs: vm_unmap_ram() may be called from an invalid context When testing F2FS with xfstests using UFS backed virtual disks the kernel complains sometimes that f2fs_release_decomp_mem() calls vm_unmap_ram() from an invalid context. Example trace from f2fs/007 test: f2fs/007 5s ... [12:59:38][ 8.902525] run fstests f2fs/007 [ 11.468026] BUG: sleeping function called from invalid context at mm/vmalloc.c:2978 [ 11.471849] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 68, name: irq/22-ufshcd [ 11.475357] preempt_count: 1, expected: 0 [ 11.476970] RCU nest depth: 0, expected: 0 [ 11.478531] CPU: 0 UID: 0 PID: 68 Comm: irq/22-ufshcd Tainted: G W 6.16.0-rc5-xfstests-ufs-g40f92e79b0aa #9 PREEMPT(none) [ 11.478535] Tainted: [W]=WARN [ 11.478536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.478537] Call Trace: [ 11.478543] <TASK> [ 11.478545] dump_stack_lvl+0x4e/0x70 [ 11.478554] __might_resched.cold+0xaf/0xbe [ 11.478557] vm_unmap_ram+0x21/0xb0 [ 11.478560] f2fs_release_decomp_mem+0x59/0x80 [ 11.478563] f2fs_free_dic+0x18/0x1a0 [ 11.478565] f2fs_finish_read_bio+0xd7/0x290 [ 11.478570] blk_update_request+0xec/0x3b0 [ 11.478574] ? sbitmap_queue_clear+0x3b/0x60 [ 11.478576] scsi_end_request+0x27/0x1a0 [ 11.478582] scsi_io_completion+0x40/0x300 [ 11.478583] ufshcd_mcq_poll_cqe_lock+0xa3/0xe0 [ 11.478588] ufshcd_sl_intr+0x194/0x1f0 [ 11.478592] ufshcd_threaded_intr+0x68/0xb0 [ 11.478594] ? __pfx_irq_thread_fn+0x10/0x10 [ 11.478599] irq_thread_fn+0x20/0x60 [ 11.478602] ? __pfx_irq_thread_fn+0x10/0x10 [ 11.478603] irq_thread+0xb9/0x180 [ 11.478605] ? __pfx_irq_thread_dtor+0x10/0x10 [ 11.478607] ? __pfx_irq_thread+0x10/0x10 [ 11.478609] kthread+0x10a/0x230 [ 11.478614] ? __pfx_kthread+0x10/0x10 [ 11.478615] ret_from_fork+0x7e/0xd0 [ 11.478619] ? __pfx_kthread+0x10/0x10 [ 11.478621] ret_from_fork_asm+0x1a/0x30 [ 11.478623] </TASK> This patch modifies in_task() check inside f2fs_read_end_io() to also check if interrupts are disabled. This ensures that pages are unmapped asynchronously in an interrupt handler.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-07
Last Modified
2025-11-03
Generated
2026-05-07
AI Q&A
2025-09-07
EPSS Evaluated
2026-05-05
NVD
CVE-2025-39731
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel 6.1.153-1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the Linux kernel to a version where this vulnerability is fixed. The patch modifies the in_task() check inside f2fs_read_end_io() to ensure vm_unmap_ram() is called only in valid contexts, preventing the issue. Until the update is applied, monitoring logs for the described warnings can help detect occurrences, but no other specific mitigation steps are provided.


Can you explain this vulnerability to me?

This vulnerability involves the Linux kernel's F2FS filesystem where the function vm_unmap_ram() may be called from an invalid context. Specifically, during testing with UFS backed virtual disks, the kernel sometimes reports that f2fs_release_decomp_mem() calls vm_unmap_ram() from a context where it is not allowed, such as an interrupt context where sleeping functions cannot be called. This can cause kernel warnings or bugs because vm_unmap_ram() is a sleeping function and should not be called when interrupts are disabled or in atomic contexts. The patch fixes this by modifying the in_task() check to also verify if interrupts are disabled, ensuring that pages are unmapped asynchronously in an interrupt handler.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to execute a sleeping function (vm_unmap_ram()) from an invalid context, such as an interrupt handler. This can lead to kernel warnings, instability, or crashes, potentially affecting system reliability and performance when using the F2FS filesystem with certain storage configurations.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring the system logs for kernel warnings related to vm_unmap_ram() being called from an invalid context. Specifically, look for messages similar to: 'BUG: sleeping function called from invalid context at mm/vmalloc.c:2978' along with call traces involving f2fs_release_decomp_mem() and vm_unmap_ram(). You can use the command 'dmesg | grep vm_unmap_ram' or 'journalctl -k | grep vm_unmap_ram' to find such messages in the kernel logs.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart