CVE-2025-39885: 
Linux Kernel vulnerability analysis and mitigation

A recursive semaphore deadlock vulnerability was discovered in the Linux kernel's OCFS2 filesystem implementation, identified as CVE-2025-39885. The vulnerability was discovered by syzbot and reported on September 23, 2025. The issue affects the Linux kernel's handling of FS_IOC_FIEMAP calls on specially crafted mmap files in OCFS2 filesystems (NVD).

The vulnerability occurs when ocfs2_fiemap() takes a read lock of the ip_alloc_sem semaphore and calls fiemap_fill_next_extent() to read the extent list of a running mmap executable. When the user-supplied buffer for fiemap information triggers a page fault, it calls ocfs2_page_mkwrite() which attempts to take a write lock of the same semaphore. This recursive semaphore condition leads to filesystem locks being held indefinitely, causing a system hang (NVD).

The vulnerability results in a filesystem hang condition when triggered, effectively causing a denial of service in the OCFS2 filesystem. The issue affects multiple Linux distributions including Debian's bullseye, bookworm, and trixie releases (Debian Tracker).

The fix involves releasing the read semaphore before calling fiemap_fill_next_extent() in both ocfs2_fiemap() and ocfs2_fiemap_inline() functions. While this results in an unnecessary semaphore lock/unlock on the last extent, it simplifies the error path. The vulnerability has been fixed in various Linux distributions, including version 6.12.48-1 for Debian trixie and 6.16.8-1 for Debian forky (Debian Tracker).