Nilfs2 FITRIM overflow causes system hang
CVE-2025-71237 Published on February 18, 2026
nilfs2: Fix potential block overflow that cause system hang
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: Fix potential block overflow that cause system hang
When a user executes the FITRIM command, an underflow can occur when
calculating nblocks if end_block is too small. Since nblocks is of
type sector_t, which is u64, a negative nblocks value will become a
very large positive integer. This ultimately leads to the block layer
function __blkdev_issue_discard() taking an excessively long time to
process the bio chain, and the ns_segctor_sem lock remains held for a
long period. This prevents other tasks from acquiring the ns_segctor_sem
lock, resulting in the hang reported by syzbot in [1].
If the ending block is too small, typically if it is smaller than 4KiB
range, depending on the usage of the segment 0, it may be possible to
attempt a discard request beyond the device size causing the hang.
Exiting successfully and assign the discarded size (0 in this case)
to range->len.
Although the start and len values in the user input range are too small,
a conservative strategy is adopted here to safely ignore them, which is
equivalent to a no-op; it will not perform any trimming and will not
throw an error.
[1]
task:segctord state:D stack:28968 pid:6093 tgid:6093 ppid:2 task_flags:0x200040 flags:0x00080000
Call Trace:
rwbase_write_lock+0x3dd/0x750 kernel/locking/rwbase_rt.c:272
nilfs_transaction_lock+0x253/0x4c0 fs/nilfs2/segment.c:357
nilfs_segctor_thread_construct fs/nilfs2/segment.c:2569 [inline]
nilfs_segctor_thread+0x6ec/0xe00 fs/nilfs2/segment.c:2684
[ryusuke: corrected part of the commit message about the consequences]
Products Associated with CVE-2025-71237
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-71237 are published in Linux Kernel:
Affected Versions
Linux:- Version 82e11e857be3ffd2a0a952c9db8aa2379e2b9e44 and below 6457d3ee41a4c15082ac49c5aa7fb933b4a043f3 is affected.
- Version 82e11e857be3ffd2a0a952c9db8aa2379e2b9e44 and below ba18e5f22f26aa4ef78bc3e81f639d1d4f3845e6 is affected.
- Version 82e11e857be3ffd2a0a952c9db8aa2379e2b9e44 and below 2438982f635e6cc2009be68ba2efb2998727d8d4 is affected.
- Version 82e11e857be3ffd2a0a952c9db8aa2379e2b9e44 and below df1e20796c9f3d541cca47fb72e4369ea135642d is affected.
- Version 82e11e857be3ffd2a0a952c9db8aa2379e2b9e44 and below ea2278657ad0d62596589fbe2caf995e189e65e7 is affected.
- Version 82e11e857be3ffd2a0a952c9db8aa2379e2b9e44 and below 4aa45f841413cca81882602b4042c53502f34cad is affected.
- Version 82e11e857be3ffd2a0a952c9db8aa2379e2b9e44 and below b8c5ee234bd54f1447c846101fdaef2cf70c2149 is affected.
- Version 82e11e857be3ffd2a0a952c9db8aa2379e2b9e44 and below ed527ef0c264e4bed6c7b2a158ddf516b17f5f66 is affected.
- Version 3.15 is affected.
- Before 3.15 is unaffected.
- Version 5.10.251, <= 5.10.* is unaffected.
- Version 5.15.201, <= 5.15.* is unaffected.
- Version 6.1.164, <= 6.1.* is unaffected.
- Version 6.6.125, <= 6.6.* is unaffected.
- Version 6.12.72, <= 6.12.* is unaffected.
- Version 6.18.11, <= 6.18.* is unaffected.
- Version 6.19.1, <= 6.19.* is unaffected.
- Version 7.0-rc1, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.