CVE-2025-40196
BaseFortify
Publication date: 2025-11-12
Last updated on: 2025-11-14
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves a kernel panic caused by a mismatch in workqueue flags during quota release work. Specifically, when a sync call triggers writeback on an opened file, and the f2fs filesystem needs to balance at the sync path, the quota_release_work is flushed. By default, quota_release_work is queued to the 'events_unbound' workqueue, which lacks the WQ_MEM_RECLAIM flag. During f2fs balance, the writeback workqueue tries to flush quota_release_work, causing a kernel panic due to MEM_RECLAIM flag mismatch errors. The fix creates a dedicated workqueue with the WQ_MEM_RECLAIM flag for quota_release_work to prevent this panic.
How can this vulnerability impact me?
This vulnerability can cause the Linux kernel to panic and crash when certain filesystem operations involving quota release and f2fs balancing occur. This can lead to system instability, unexpected reboots, potential data loss, and downtime, affecting system availability and reliability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for kernel panic messages related to quota_release_work and workqueue flushing, especially if panic_on_warn is set. Look for kernel logs containing warnings like 'WARNING: CPU: ... check_flush_dependency' and kernel panic messages mentioning 'kernel: panic_on_warn set'. You can check kernel logs using commands such as 'dmesg | grep -i quota_release_work' or 'journalctl -k | grep -i panic'.
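The log check described in the answer above, written as a small shell function that separates a logged warning from a panic and from unrelated workqueue warnings. This is an added example, not code from the advisory or the kernel project; the function names are hypothetical and the sample log lines are constructed, modelled on the kernel's workqueue warning text.

```shell
#!/bin/sh
# Added example: classify a kernel log read on stdin.
# Real use (assumed): dmesg | check_quota_wq_log   or   journalctl -k | check_quota_wq_log
# Prints one verdict: PANIC, WARNED, UNRELATED or CLEAN.

count() {  # number of lines in $1 matching extended regex $2
    printf '%s\n' "$1" | grep -Ec -- "$2" || true
}

check_quota_wq_log() {
    log=$(cat)
    quota=$(count "$log" 'quota_release_work')                      # work item named in the advisory
    warn=$(count "$log" 'WARNING: CPU: .*check_flush_dependency')   # WARN site for the flag mismatch
    panic=$(count "$log" 'panic_on_warn set')                       # warning escalated to a panic

    if [ "$warn" -gt 0 ] && [ "$quota" -gt 0 ]; then
        if [ "$panic" -gt 0 ]; then echo PANIC; else echo WARNED; fi
    elif [ "$warn" -gt 0 ]; then
        echo UNRELATED   # flush-dependency warning about some other work item
    else
        echo CLEAN
    fi
}

# Constructed sample log: timestamps, CPU/PID numbers and offsets are made up.
sample_panic() {
    cat <<'EOF'
[  812.401] workqueue: WQ_MEM_RECLAIM writeback:wb_workfn is flushing !WQ_MEM_RECLAIM events_unbound:quota_release_workfn
[  812.402] WARNING: CPU: 2 PID: 101 at kernel/workqueue.c:0000 check_flush_dependency+0x0/0x0
[  812.455] Kernel panic - not syncing: kernel: panic_on_warn set ...
EOF
}
# Same event on a host where panic_on_warn is off: the warning is logged, no panic.
sample_warned() { sample_panic | grep -v 'panic_on_warn'; }
# Constructed warning from the same WARN site about a different (hypothetical) work item.
sample_unrelated() {
    cat <<'EOF'
[  100.001] workqueue: WQ_MEM_RECLAIM example_wq:example_fn is flushing !WQ_MEM_RECLAIM events:other_fn
[  100.002] WARNING: CPU: 0 PID: 7 at kernel/workqueue.c:0000 check_flush_dependency+0x0/0x0
EOF
}

sample_panic | check_quota_wq_log      # demo run on the constructed log
```

The kernel emits this warning with WARN_ONCE, so it appears at most once per boot; feed the function the whole boot log rather than a recent tail.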
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves applying the patch that creates a dedicated workqueue with the WQ_MEM_RECLAIM flag for quota_release_work, as this resolves the kernel panic issue. Until the patch is applied, avoid triggering sync calls on opened files that cause writeback with WB_REASON_SYNC on f2fs filesystems, or disable panic_on_warn to prevent kernel panic on warnings.