CVE-2025-22036: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-22036 is a vulnerability discovered in the Linux kernel's exFAT filesystem implementation that was disclosed on April 16, 2025. The vulnerability involves random stack corruption that occurs after the getblock operation when a bufferhead is allocated on the stack, such as in dompagereadpage operations (NVD, Red Hat CVE).

The vulnerability manifests as a race condition that leads to bufferhead Use-After-Free (UAF) when getblock is called with a bufferhead allocated on the stack. The issue occurs in a specific sequence of operations involving mpagereadfolio, dompagereadpage, exfatgetblock, and related functions, ultimately resulting in stack corruption when atomicdec(bh->b_count) is called. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat CVE).

The vulnerability can lead to stack corruption in the Linux kernel when accessing exFAT filesystems, potentially causing system instability or crashes. The CVSS scoring indicates that while the vulnerability requires local access and cannot directly compromise confidentiality or integrity, it can have a high impact on system availability (Red Hat CVE).

A fix has been implemented that returns -EAGAIN if a folio does not have buffers when bhread needs to be called. This allows the caller to fall back to functions like blockreadfullfolio(), create a bufferhead in the folio, and then call getblock again. The fix has been incorporated into Linux kernel version 6.12.25-1 and backported to various distributions (Debian Tracker).