{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-22076", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-12-29T08:45:45.815Z", "datePublished": "2025-04-16T14:12:27.214Z", "dateUpdated": "2025-05-26T05:17:57.120Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-26T05:17:57.120Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix missing shutdown check\n\nxfstests generic/730 test failed because after deleting the device\nthat still had dirty data, the file could still be read without\nreturning an error. The reason is the missing shutdown check in\n->read_iter.\n\nI also noticed that shutdown checks were missing from ->write_iter,\n->splice_read, and ->mmap. This commit adds shutdown checks to all\nof them."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/exfat/file.c"], "versions": [{"version": "f761fcdd289d07e8547fef7ac76c3760fc7803f2", "lessThan": "4a9595eb024b8319957c178be3cdeed613ac0795", "status": "affected", "versionType": "git"}, {"version": "f761fcdd289d07e8547fef7ac76c3760fc7803f2", "lessThan": "e41e33eb795cb9c1ead6ac627d8710546fac6e81", "status": "affected", "versionType": "git"}, {"version": "f761fcdd289d07e8547fef7ac76c3760fc7803f2", "lessThan": "539147585ca453db6e3d7a5cf3b9c9690513762d", "status": "affected", "versionType": "git"}, {"version": "f761fcdd289d07e8547fef7ac76c3760fc7803f2", "lessThan": "47e35366bc6fa3cf189a8305bce63992495f3efa", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/exfat/file.c"], "versions": [{"version": "6.12", "status": "affected"}, {"version": "0", "lessThan": "6.12", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.23", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13.11", "lessThanOrEqual": "6.13.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.14.2", "lessThanOrEqual": "6.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.12.23"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.13.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.14.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.15"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/4a9595eb024b8319957c178be3cdeed613ac0795"}, {"url": "https://git.kernel.org/stable/c/e41e33eb795cb9c1ead6ac627d8710546fac6e81"}, {"url": "https://git.kernel.org/stable/c/539147585ca453db6e3d7a5cf3b9c9690513762d"}, {"url": "https://git.kernel.org/stable/c/47e35366bc6fa3cf189a8305bce63992495f3efa"}], "title": "exfat: fix missing shutdown check", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "442B00D1-26AD-4DD9-B74A-E818807D3E2B", "versionEndExcluding": "6.12.23", "versionStartIncluding": "6.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7E864B0-8C00-4679-BA55-659B4C9C3AD3", "versionEndExcluding": "6.13.11", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FADAE5D8-4808-442C-B218-77B2CE8780A0", "versionEndExcluding": "6.14.2", "versionStartIncluding": "6.14", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix missing shutdown check\n\nxfstests generic/730 test failed because after deleting the device\nthat still had dirty data, the file could still be read without\nreturning an error. The reason is the missing shutdown check in\n->read_iter.\n\nI also noticed that shutdown checks were missing from ->write_iter,\n->splice_read, and ->mmap. This commit adds shutdown checks to all\nof them."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: exfat: se corrige la falta de comprobaci\u00f3n de apagado. La prueba gen\u00e9rica/730 de xfstests fall\u00f3 porque, tras eliminar el dispositivo que a\u00fan conten\u00eda datos corruptos, el archivo a\u00fan se pod\u00eda leer sin devolver un error. El motivo es la falta de comprobaci\u00f3n de apagado en ->read_iter. Tambi\u00e9n observ\u00e9 que faltaban comprobaciones de apagado en ->write_iter, ->splice_read y ->mmap. Esta confirmaci\u00f3n a\u00f1ade comprobaciones de apagado a todas ellas."}], "id": "CVE-2025-22076", "lastModified": "2025-10-31T20:46:24.273", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-04-16T15:16:01.813", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/47e35366bc6fa3cf189a8305bce63992495f3efa"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4a9595eb024b8319957c178be3cdeed613ac0795"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/539147585ca453db6e3d7a5cf3b9c9690513762d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e41e33eb795cb9c1ead6ac627d8710546fac6e81"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: exfat: fix missing shutdown check", "id": "2360220", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360220"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nexfat: fix missing shutdown check\nxfstests generic/730 test failed because after deleting the device\nthat still had dirty data, the file could still be read without\nreturning an error. The reason is the missing shutdown check in\n->read_iter.\nI also noticed that shutdown checks were missing from ->write_iter,\n->splice_read, and ->mmap. This commit adds shutdown checks to all\nof them."], "name": "CVE-2025-22076", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-04-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-22076\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-22076\nhttps://lore.kernel.org/linux-cve-announce/2025041612-CVE-2025-22076-88bb@gregkh/T"], "threat_severity": "Moderate"}