How severe is CVE-2025-22036?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2025-22036?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2025-22036 - HIGH Severity | CVSS 7

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: exfat: fix random stack corruption after get_block When get_block is called with a buffer_head allocated on the stack, such as do_mpage_readpage, stack corruption due to buffer_head UAF may occur in the following race condition situation. <CPU 0> <CPU 1> mpage_read_folio <<bh on stack>> do_mpage_readpage exfat_get_block bh_read __bh_read get_bh(bh) submit_bh wait_on_buffer ... end_buffer_read_sync __end_buffer_read_notouch unlock_buffer <<keep going>> ... ... ... ... <<bh is not valid out of mpage_read_folio>> . . another_function <<variable A on stack>> put_bh(bh) atomic_dec(bh->b_count) * stack corruption here * This patch returns -EAGAIN if a folio does not have buffers when bh_read needs to be called. By doing this, the caller can fallback to functions like block_read_full_folio(), create a buffer_head in the folio, and then call get_block again. Let's do not call bh_read() with on-stack buffer_head.

Related Vulnerabilities

CVE-2009-3547

HIGH

CVSS:7.0(High)

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting ...

CWE-3622009

CVE-2010-1437

HIGH

CVSS:7.0(High)

Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel 2.6.34-rc5 and earlier allows local users to cause a denial of service (memory corruption and system ...

CWE-3622010

CVE-2010-5159

HIGH

CVSS:7.0(High)

Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler bu...

CWE-3622010

CVE-2010-5169

HIGH

CVSS:7.0(High)

Race condition in Online Armor Premium 4.0.0.35 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not bl...

CWE-3622010

CVE-2010-5181

HIGH

CVSS:7.0(High)

Race condition in VIPRE Antivirus Premium 4.0.3272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not...

CWE-3622010

CVE-2011-0699

HIGH

CVSS:7.0(High)

Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified oth...

CWE-3622011