LiveActive security incident?Get immediate response
CVE Record

CVE-2025-68261: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock()

In the Linux kernel, the following vulnerability has been resolved: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Fix a race between inline data destruction and block mapping. The function ext4_destroy_inline_data_nolock() changes the inode data layout by clearing EXT4_INODE_INLINE_DATA and setting EXT4_INODE_EXTENTS. At the same time, another thread may execute ext4_map_blocks(), which tests EXT4_INODE_EXTENTS to decide whether to call ext4_ext_map_blocks() or ext4_ind_map_blocks(). Without i_data_sem protection, ext4_ind_map_blocks() may receive inode with EXT4_INODE_EXTENTS flag and triggering assert. kernel BUG at fs/ext4/indirect.c:546! EXT4-fs (loop2): unmounting filesystem. invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:ext4_ind_map_blocks.cold+0x2b/0x5a fs/ext4/indirect.c:546 Call Trace: <TASK> ext4_map_blocks+0xb9b/0x16f0 fs/ext4/inode.c:681 _ext4_get_block+0x242/0x590 fs/ext4/inode.c:822 ext4_block_write_begin+0x48b/0x12c0 fs/ext4/inode.c:1124 ext4_write_begin+0x598/0xef0 fs/ext4/inode.c:1255 ext4_da_write_begin+0x21e/0x9c0 fs/ext4/inode.c:3000 generic_perform_write+0x259/0x5d0 mm/filemap.c:3846 ext4_buffered_write_iter+0x15b/0x470 fs/ext4/file.c:285 ext4_file_write_iter+0x8e0/0x17f0 fs/ext4/file.c:679 call_write_iter include/linux/fs.h:2271 [inline] do_iter_readv_writev+0x212/0x3c0 fs/read_write.c:735 do_iter_write+0x186/0x710 fs/read_write.c:861 vfs_iter_write+0x70/0xa0 fs/read_write.c:902 iter_file_splice_write+0x73b/0xc90 fs/splice.c:685 do_splice_from fs/splice.c:763 [inline] direct_splice_actor+0x10f/0x170 fs/splice.c:950 splice_direct_to_actor+0x33a/0xa10 fs/splice.c:896 do_splice_direct+0x1a9/0x280 fs/splice.c:1002 do_sendfile+0xb13/0x12c0 fs/read_write.c:1255 __do_sys_sendfile64 fs/read_write.c:1323 [inline] __se_sys_sendfile64 fs/read_write.c:1309 [inline] __x64_sys_sendfile64+0x1cf/0x210 fs/read_write.c:1309 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x6e/0xd8

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

This is a Linux kernel ext4 filesystem race condition that can make the kernel hit an internal BUG and crash. The public bundle shows a reliability and availability concern, not confirmed data theft or privilege escalation. No CVSS score or active exploitation evidence is provided.

Executive priority

Schedule remediation through normal kernel patch governance, with faster action for critical ext4 systems where a kernel crash would affect operations. Current evidence does not support emergency internet-wide response, but the issue can affect platform availability.

Technical view

ext4_destroy_inline_data_nolock() changes inode layout flags without i_data_sem protection while ext4_map_blocks() may concurrently choose the indirect or extents mapping path. The race can send an extents-marked inode into ext4_ind_map_blocks(), triggering an assertion and kernel BUG.

Likely exposure

Exposure is likely limited to systems running affected Linux kernels with ext4 filesystems and workloads that exercise inline-data destruction and block mapping. Servers, appliances, embedded systems, and container hosts using ext4 should be inventoried. The Siemens advisory is cited, but product-specific impact details are not included in the provided bundle.

Exploitation context

The bundle provides a crash trace and stable kernel fix references, but no exploit code, KEV listing, or active exploitation report. Treat this as a potential local or workload-triggered denial-of-service condition unless vendor advisories state broader impact.

Researcher notes

The key bug is missing i_data_sem serialization around inline-data layout transition. The source evidence supports a race-induced assertion in ext4_ind_map_blocks(). Severity remains uncertain because CVSS, exploitation prerequisites, and product-specific downstream impact are not provided.

Mitigation direction

  • Check distribution or vendor advisories for fixed kernel packages.
  • Prioritize kernel updates on ext4-backed availability-critical systems.
  • Review Siemens SSA-019113 if Siemens products are in scope.
  • Avoid assuming non-Linux or non-ext4 systems are affected from this bundle alone.

Validation and detection

  • Inventory Linux kernel versions across ext4-backed systems.
  • Confirm whether running kernels match vendor-affected ranges.
  • Verify update status against Linux stable or distribution fixes.
  • Check logs for kernel BUG traces involving ext4_ind_map_blocks.
Prepared
Confidence
medium
Sources
11

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2025-68261 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
10Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
siemens-SADPADP container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxc755e251357a0cee0679081f08c3f4ba797a8009, c755e251357a0cee0679081f08c3f4ba797a8009, c755e251357a0cee0679081f08c3f4ba797a8009, c755e251357a0cee0679081f08c3f4ba797a8009, c755e251357a0cee0679081f08c3f4ba797a8009, c755e251357a0cee0679081f08c3f4ba797a8009, c755e251357a0cee0679081f08c3f4ba797a8009, c755e251357a0cee0679081f08c3f4ba797a8009, 3e96c3fdcfccb321a9e1623f78cc71b44593e965, 5781ac24bbd998ebb1ff30143bb06244d847af48, 9b06cce3ca4d60d442c39bfa7c058b71b1cee6c2, da1e40237f8f3516581b534c484c236a79ccfd14, 7cf6b709b6412afd1d93b2c4b37163c3602e3b95, 3.16.44, 3.18.107, 4.4.129, 4.9.14, 4.10.2unaffected
LinuxLinux4.11, 0, 5.10.248, 5.15.198, 6.1.160, 6.6.120, 6.12.62, 6.17.12, 6.18.1, 6.19affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.