CVE-2025-22122: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-22122 is a vulnerability discovered in the Linux kernel related to block device handling. The issue was disclosed on April 16, 2025, affecting the kernel's bio (block I/O) subsystem, specifically in handling large folios on certain architectures like aarch64 (NVD CVE, Red Hat CVE).

The vulnerability occurs when handling folios larger than 4GB, particularly on architectures like aarch64 where 16GB hugepages are supported. The issue manifests in the bioaddfolionofail() function where the 'offset' of the folio cannot be properly held in an 'unsigned int' type, leading to potential overflow of the bioffset value. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat CVE).

The vulnerability can result in I/O failures and system warnings when attempting to handle large folios in the block I/O subsystem. This primarily affects systems using large hugepages, particularly on 64-bit architectures that support extended memory addressing (NVD CVE).

A fix has been implemented that adjusts the 'page' handling and trims the 'offset' to prevent bi_offset overflow, ensuring folios can be added to bio successfully. The fix has been incorporated into various Linux distributions, with Red Hat Enterprise Linux 9 having deferred the fix for both standard and RT kernels (Red Hat CVE, Debian Tracker).