{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-22072","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-12-29T08:45:45.814Z","datePublished":"2025-04-16T14:12:24.571Z","dateUpdated":"2026-05-11T21:12:06.799Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:12:06.799Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspufs: fix gang directory lifetimes\n\nprior to \"[POWERPC] spufs: Fix gang destroy leaks\" we used to have\na problem with gang lifetimes - creation of a gang returns opened\ngang directory, which normally gets removed when that gets closed,\nbut if somebody has created a context belonging to that gang and\nkept it alive until the gang got closed, removal failed and we\nended up with a leak.\n\nUnfortunately, it had been fixed the wrong way.  Dentry of gang\ndirectory was no longer pinned, and rmdir on close was gone.\nOne problem was that failure of open kept calling simple_rmdir()\nas cleanup, which meant an unbalanced dput().  Another bug was\nin the success case - gang creation incremented link count on\nroot directory, but that was no longer undone when gang got\ndestroyed.\n\nFix consists of\n\t* reverting the commit in question\n\t* adding a counter to gang, protected by ->i_rwsem\nof gang directory inode.\n\t* having it set to 1 at creation time, dropped\nin both spufs_dir_close() and spufs_gang_close() and bumped\nin spufs_create_context(), provided that it's not 0.\n\t* using simple_recursive_removal() to take the gang\ndirectory out when counter reaches zero."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/powerpc/platforms/cell/spufs/gang.c","arch/powerpc/platforms/cell/spufs/inode.c","arch/powerpc/platforms/cell/spufs/spufs.h"],"versions":[{"version":"877907d37da9694a34adc9dc3e2ce09400148cb5","lessThan":"880e7b3da2e765c1f90c94c0539be039e96c7062","status":"affected","versionType":"git"},{"version":"877907d37da9694a34adc9dc3e2ce09400148cb5","lessThan":"324f280806aab28ef757aecc18df419676c10ef8","status":"affected","versionType":"git"},{"version":"877907d37da9694a34adc9dc3e2ce09400148cb5","lessThan":"029d8c711f5e5fe8cf63e8a4a1a140a06e224e45","status":"affected","versionType":"git"},{"version":"877907d37da9694a34adc9dc3e2ce09400148cb5","lessThan":"903733782f3ae28a2f7fe4dfb47c7fe3e079a528","status":"affected","versionType":"git"},{"version":"877907d37da9694a34adc9dc3e2ce09400148cb5","lessThan":"fc646a6c6d14b5d581f162a7e32999f789e3a3ac","status":"affected","versionType":"git"},{"version":"877907d37da9694a34adc9dc3e2ce09400148cb5","lessThan":"c134deabf4784e155d360744d4a6a835b9de4dd4","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["arch/powerpc/platforms/cell/spufs/gang.c","arch/powerpc/platforms/cell/spufs/inode.c","arch/powerpc/platforms/cell/spufs/spufs.h"],"versions":[{"version":"2.6.22","status":"affected"},{"version":"0","lessThan":"2.6.22","status":"unaffected","versionType":"semver"},{"version":"6.1.134","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.87","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.23","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.13.11","lessThanOrEqual":"6.13.*","status":"unaffected","versionType":"semver"},{"version":"6.14.2","lessThanOrEqual":"6.14.*","status":"unaffected","versionType":"semver"},{"version":"6.15","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"6.1.134"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"6.6.87"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"6.12.23"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"6.13.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"6.14.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.22","versionEndExcluding":"6.15"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/880e7b3da2e765c1f90c94c0539be039e96c7062"},{"url":"https://git.kernel.org/stable/c/324f280806aab28ef757aecc18df419676c10ef8"},{"url":"https://git.kernel.org/stable/c/029d8c711f5e5fe8cf63e8a4a1a140a06e224e45"},{"url":"https://git.kernel.org/stable/c/903733782f3ae28a2f7fe4dfb47c7fe3e079a528"},{"url":"https://git.kernel.org/stable/c/fc646a6c6d14b5d581f162a7e32999f789e3a3ac"},{"url":"https://git.kernel.org/stable/c/c134deabf4784e155d360744d4a6a835b9de4dd4"}],"title":"spufs: fix gang directory lifetimes","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T19:41:52.282Z"}}]}}