[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2025-22121":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":23,"related":24,"reserved_at":9,"published_at":25,"modified_at":26,"state":9,"summary":27,"references_raw":29,"kevs":36,"epss":9,"epss_history":37,"metrics":38,"affected":45},"DEBIAN-CVE-2025-22121","In the Linux kernel, the following vulnerability has been resolved:  ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()  There's issue as follows: BUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790 Read of size 4 at addr ffff88807b003000 by task syz-executor.0/15172  CPU: 3 PID: 15172 Comm: syz-executor.0 Call Trace:  __dump_stack lib/dump_stack.c:82 [inline]  dump_stack+0xbe/0xfd lib/dump_stack.c:123  print_address_description.constprop.0+0x1e/0x280 mm/kasan/report.c:400  __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560  kasan_report+0x3a/0x50 mm/kasan/report.c:585  ext4_xattr_inode_dec_ref_all+0x6ff/0x790 fs/ext4/xattr.c:1137  ext4_xattr_delete_inode+0x4c7/0xda0 fs/ext4/xattr.c:2896  ext4_evict_inode+0xb3b/0x1670 fs/ext4/inode.c:323  evict+0x39f/0x880 fs/inode.c:622  iput_final fs/inode.c:1746 [inline]  iput fs/inode.c:1772 [inline]  iput+0x525/0x6c0 fs/inode.c:1758  ext4_orphan_cleanup fs/ext4/super.c:3298 [inline]  ext4_fill_super+0x8c57/0xba40 fs/ext4/super.c:5300  mount_bdev+0x355/0x410 fs/super.c:1446  legacy_get_tree+0xfe/0x220 fs/fs_context.c:611  vfs_get_tree+0x8d/0x2f0 fs/super.c:1576  do_new_mount fs/namespace.c:2983 [inline]  path_mount+0x119a/0x1ad0 fs/namespace.c:3316  do_mount+0xfc/0x110 fs/namespace.c:3329  __do_sys_mount fs/namespace.c:3540 [inline]  __se_sys_mount+0x219/0x2e0 fs/namespace.c:3514  do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46  entry_SYSCALL_64_after_hwframe+0x67/0xd1  Memory state around the buggy 
address:  ffff88807b002f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ffff88807b002f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff88807b003000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff                    ^  ffff88807b003080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ffff88807b003100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  Above issue happens as ext4_xattr_delete_inode() doesn't check whether xattr is valid if xattr is in inode. To solve above issue, call xattr_check_inode() to check if xattr is valid in inode. In fact, we can directly verify in ext4_iget_extra_inode(), so that there is no divergent verification.",null,[],[],[],[14],{"_key":15},"CVE-2025-22121",[17,19,21],{"_key":18},"DLA-4476-1",{"_key":20},"DLA-4475-1",{"_key":22},"DSA-6127-1",[],[],"2025-04-16T15:16:06.277Z","2026-04-28T20:29:08.805873Z",{"cisa_kev":28,"cisa_ransomware":28,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[30],{"url":31,"sources":32,"tags":34},"https://security-tracker.debian.org/tracker/CVE-2025-22121",[33],"osv_debian",[35],"Advisory",[],[],[39],{"source":33,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":40,"cvss_v4_0":9},{"baseScore":41,"baseSeverity":9,"vectorString":42,"impactScore":43,"exploitabilityScore":44},7.1,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",8.7,4.6,[46,70],{"ecosystem":47,"name":48,"vendor":49,"product":48,"cpe_part":9,"purl_type":50,"purl_namespace":49,"purl_name":48,"source":9,"versions":51},"Debian","linux","debian","deb",[52,56,57,61,64,67],{"version":53,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all",true,"ecosystem",{"version":53,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":58,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,
"version_end":59,"version_end_type":60,"fixed_in":9},"lt5_10_249_1","5.10.249-1","excluding",{"version":62,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":63,"version_end_type":60,"fixed_in":9},"lt6_1_162_1","6.1.162-1",{"version":65,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":66,"version_end_type":60,"fixed_in":9},"lt6_12_63_1","6.12.63-1",{"version":68,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":69,"version_end_type":60,"fixed_in":9},"lt6_16_3_1","6.16.3-1",{"ecosystem":47,"name":71,"vendor":49,"product":71,"cpe_part":9,"purl_type":50,"purl_namespace":49,"purl_name":71,"source":9,"versions":72},"linux-6.1",[73,74],{"version":53,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":75,"is_range":54,"range_type":55,"version_start":9,"version_start_type":9,"version_end":76,"version_end_type":60,"fixed_in":9},"lt6_1_162_1~deb11u1","6.1.162-1~deb11u1"]