{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-68337","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-16T14:48:05.297Z","datePublished":"2025-12-22T16:14:14.145Z","dateUpdated":"2026-05-11T21:51:14.542Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:51:14.542Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted\n\nThere's issue when file system corrupted:\n------------[ cut here ]------------\nkernel BUG at fs/jbd2/transaction.c:1289!\nOops: invalid opcode: 0000 [#1] SMP KASAN PTI\nCPU: 5 UID: 0 PID: 2031 Comm: mkdir Not tainted 6.18.0-rc1-next\nRIP: 0010:jbd2_journal_get_create_access+0x3b6/0x4d0\nRSP: 0018:ffff888117aafa30 EFLAGS: 00010202\nRAX: 0000000000000000 RBX: ffff88811a86b000 RCX: ffffffff89a63534\nRDX: 1ffff110200ec602 RSI: 0000000000000004 RDI: ffff888100763010\nRBP: ffff888100763000 R08: 0000000000000001 R09: ffff888100763028\nR10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000\nR13: ffff88812c432000 R14: ffff88812c608000 R15: ffff888120bfc000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f91d6970c99 CR3: 00000001159c4000 CR4: 00000000000006f0\nCall Trace:\n <TASK>\n __ext4_journal_get_create_access+0x42/0x170\n ext4_getblk+0x319/0x6f0\n ext4_bread+0x11/0x100\n ext4_append+0x1e6/0x4a0\n ext4_init_new_dir+0x145/0x1d0\n ext4_mkdir+0x326/0x920\n vfs_mkdir+0x45c/0x740\n do_mkdirat+0x234/0x2f0\n __x64_sys_mkdir+0xd6/0x120\n do_syscall_64+0x5f/0xfa0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe above issue occurs with us in errors=continue mode when accompanied by\nstorage failures. There have been many inconsistencies in the file system\ndata.\nIn the case of file system data inconsistency, for example, if the block\nbitmap of a referenced block is not set, it can lead to the situation where\na block being committed is allocated and used again. As a result, the\nfollowing condition will not be satisfied then trigger BUG_ON. Of course,\nit is entirely possible to construct a problematic image that can trigger\nthis BUG_ON through specific operations. In fact, I have constructed such\nan image and easily reproduced this issue.\nTherefore, J_ASSERT() holds true only under ideal conditions, but it may\nnot necessarily be satisfied in exceptional scenarios. Using J_ASSERT()\ndirectly in abnormal situations would cause the system to crash, which is\nclearly not what we want. So here we directly trigger a JBD abort instead\nof immediately invoking BUG_ON."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/jbd2/transaction.c"],"versions":[{"version":"470decc613ab2048b619a01028072d932d9086ee","lessThan":"71bbe06c40fc59b5b15661eca8ff307f4176d7f9","status":"affected","versionType":"git"},{"version":"470decc613ab2048b619a01028072d932d9086ee","lessThan":"ed62fd8c15d41c4127ad16b8219b63124f5962bc","status":"affected","versionType":"git"},{"version":"470decc613ab2048b619a01028072d932d9086ee","lessThan":"3faac6531d4818cd6be45e5bbf32937bbbc795c0","status":"affected","versionType":"git"},{"version":"470decc613ab2048b619a01028072d932d9086ee","lessThan":"b4f8eabf6d991bd41fabcdf9302c4b3eab590cf4","status":"affected","versionType":"git"},{"version":"470decc613ab2048b619a01028072d932d9086ee","lessThan":"a2a7f854d154a3e9232fec80782dad951655f52f","status":"affected","versionType":"git"},{"version":"470decc613ab2048b619a01028072d932d9086ee","lessThan":"bf34c72337e40c4670cceeb79b353356933a254b","status":"affected","versionType":"git"},{"version":"470decc613ab2048b619a01028072d932d9086ee","lessThan":"aa1703f3f706ea0867fb1991dcac709c9ec94cfb","status":"affected","versionType":"git"},{"version":"470decc613ab2048b619a01028072d932d9086ee","lessThan":"986835bf4d11032bba4ab8414d18fce038c61bb4","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/jbd2/transaction.c"],"versions":[{"version":"2.6.19","status":"affected"},{"version":"0","lessThan":"2.6.19","status":"unaffected","versionType":"semver"},{"version":"5.10.248","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.198","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.160","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.120","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.62","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.12","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18.1","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"5.10.248"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"5.15.198"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"6.1.160"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"6.6.120"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"6.12.62"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"6.17.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"6.18.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.19","versionEndExcluding":"6.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/71bbe06c40fc59b5b15661eca8ff307f4176d7f9"},{"url":"https://git.kernel.org/stable/c/ed62fd8c15d41c4127ad16b8219b63124f5962bc"},{"url":"https://git.kernel.org/stable/c/3faac6531d4818cd6be45e5bbf32937bbbc795c0"},{"url":"https://git.kernel.org/stable/c/b4f8eabf6d991bd41fabcdf9302c4b3eab590cf4"},{"url":"https://git.kernel.org/stable/c/a2a7f854d154a3e9232fec80782dad951655f52f"},{"url":"https://git.kernel.org/stable/c/bf34c72337e40c4670cceeb79b353356933a254b"},{"url":"https://git.kernel.org/stable/c/aa1703f3f706ea0867fb1991dcac709c9ec94cfb"},{"url":"https://git.kernel.org/stable/c/986835bf4d11032bba4ab8414d18fce038c61bb4"}],"title":"jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted","x_generator":{"engine":"bippy-1.2.0"}}}}