CVE-2025-21811: 
Linux Kernel vulnerability analysis and mitigation

A race condition vulnerability was discovered in the Linux kernel's NILFS2 filesystem, identified as CVE-2025-21811. The issue was found in the nilfslookupdirtydatabuffers() function, which accesses buffers attached to dirty data folios/pages without proper locking mechanisms. This vulnerability was disclosed on February 27, 2025, affecting the Linux kernel's NILFS2 filesystem implementation (NVD).

The vulnerability exists in the nilfslookupdirtydatabuffers() function, which iterates through buffers attached to dirty data folios/pages without proper locking. When the filesystem degenerates to read-only mode, nilfsclearfoliodirty() may be called asynchronously, potentially causing use-after-free issues when buffers lose their dirty state protection and are unintentionally freed by trytofreebuffers(). The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD, Kernel Git).

The vulnerability can lead to use-after-free issues in the kernel's filesystem handling, potentially resulting in system crashes, data corruption, or privilege escalation. The issue affects systems using the NILFS2 filesystem, particularly when the filesystem transitions to read-only mode (NVD).

The issue has been fixed by adjusting the lock section in the nilfslookupdirtydatabuffers() function. The fix involves maintaining proper locking of folios/pages while accessing their buffers, preventing the race condition that could lead to use-after-free issues. The patch has been merged into the mainline kernel and is being backported to stable kernel versions (Kernel Git).