{"vulnerability": "CVE-2025-23132", "sightings": [{"uuid": "8d0a7568-16e3-4e62-9160-17784ef6edbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-23132", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "9a04a774-41eb-449c-a07d-306274ef63eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2025-23132", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "d729fd1b-31c7-4c00-870b-6c42c66239db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-23132", "type": "seen", "source": "https://t.me/cvedetector/23114", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23132 - F2FS Linux Kernel Quota Writeback Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23132 \nPublished : April 16, 2025, 3:16 p.m. | 23\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nf2fs: quota: fix to avoid warning in dquot_writeback_dquots()  \n  \nF2FS-fs (dm-59): checkpoint=enable has some unwritten data.  \n  \n------------[ cut here ]------------  \nWARNING: CPU: 6 PID: 8013 at fs/quota/dquot.c:691 dquot_writeback_dquots+0x2fc/0x308  \npc : dquot_writeback_dquots+0x2fc/0x308  \nlr : f2fs_quota_sync+0xcc/0x1c4  \nCall trace:  \ndquot_writeback_dquots+0x2fc/0x308  \nf2fs_quota_sync+0xcc/0x1c4  \nf2fs_write_checkpoint+0x3d4/0x9b0  \nf2fs_issue_checkpoint+0x1bc/0x2c0  \nf2fs_sync_fs+0x54/0x150  \nf2fs_do_sync_file+0x2f8/0x814  \n__f2fs_ioctl+0x1960/0x3244  \nf2fs_ioctl+0x54/0xe0  \n__arm64_sys_ioctl+0xa8/0xe4  \ninvoke_syscall+0x58/0x114  \n  \ncheckpoint and f2fs_remount may race as below, resulting triggering warning  \nin dquot_writeback_dquots().  \n  \natomic write                                    remount  \n                                                - do_remount  \n                                                 - down_write(&sb->s_umount);  \n                                                  - f2fs_remount  \n- ioctl  \n - f2fs_do_sync_file  \n  - f2fs_sync_fs  \n   - f2fs_write_checkpoint  \n    - block_operations  \n     - locked = down_read_trylock(&sbi->sb->s_umount)  \n       : fail to lock due to the write lock was held by remount  \n                                                 - up_write(&sb->s_umount);  \n     - f2fs_quota_sync  \n      - dquot_writeback_dquots  \n       - WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount))  \n       : trigger warning because s_umount lock was unlocked by remount  \n  \nIf checkpoint comes from mount/umount/remount/freeze/quotactl, caller of  \ncheckpoint has already held s_umount lock, calling dquot_writeback_dquots()  \nin the context should be safe.  \n  \nSo let's record task to sbi->umount_lock_holder, so that checkpoint can  \nknow whether the lock has held in the context or not by checking current  \nw/ it.  \n  \nIn addition, in order to not misrepresent caller of checkpoint, we should  \nnot allow to trigger async checkpoint for those callers: mount/umount/remount/  \nfreeze/quotactl. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T17:43:36.000000Z"}]}