What is CVE-2025-22121?

CVE-2025-22121 is a High severity Linux kernel vulnerability with a CVSS score of 7.1 out of 10, classified as a Out-of-bounds Read flaw (CWE-125), affecting Linux kernel versions from 4.13 onward and patched in 5.10.248, 5.15.198, 6.1.161 and others. CVE-2025-22121 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-22121?

CVE-2025-22121 has a CVSS score of 7.1 out of 10, rated High severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H.

Is there a patch available for CVE-2025-22121?

Yes, CVE-2025-22121 has been patched. Fixed versions include 5.10.248, 5.15.198, 6.1.161 and others. If you are running Linux kernel 4.13 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-22121 actively exploited?

CVE-2025-22121 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is Out-of-bounds Read (CWE-125)?

The product reads data past the end or before the beginning of the intended buffer. See MITRE CWE for full details: https://cwe.mitre.org/data/definitions/125.html

CVE-2025-22121

High

In the Linux kernel, the following vulnerability has been resolved: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() There's issue as follows: BUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790 Read of size 4 at addr ffff88807b003000 by task syz-executor.0/15172 CPU: 3 PID: 15172 Comm: syz-executor.0 Call Trace: __dump_stack lib/dump_stack.c:82 [inline] dump_stack+0xbe/0xfd lib/dump_stack.c:123 print_address_description.constprop.0+0x1e/0x280 mm/kasan/report.c:400 __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560 kasan_report+0x3a/0x50 mm/kasan/report.c:585 ext4_xattr_inode_dec_ref_all+0x6ff/0x790 fs/ext4/xattr.c:1137 ext4_xattr_delete_inode+0x4c7/0xda0 fs/ext4/xattr.c:2896 ext4_evict_inode+0xb3b/0x1670 fs/ext4/inode.c:323 evict+0x39f/0x880 fs/inode.c:622 iput_final fs/inode.c:1746 [inline] iput fs/inode.c:1772 [inline] iput+0x525/0x6c0 fs/inode.c:1758 ext4_orphan_cleanup fs/ext4/super.c:3298 [inline] ext4_fill_super+0x8c57/0xba40 fs/ext4/super.c:5300 mount_bdev+0x355/0x410 fs/super.c:1446 legacy_get_tree+0xfe/0x220 fs/fs_context.c:611 vfs_get_tree+0x8d/0x2f0 fs/super.c:1576 do_new_mount fs/namespace.c:2983 [inline] path_mount+0x119a/0x1ad0 fs/namespace.c:3316 do_mount+0xfc/0x110 fs/namespace.c:3329 __do_sys_mount fs/namespace.c:3540 [inline] __se_sys_mount+0x219/0x2e0 fs/namespace.c:3514 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x67/0xd1 Memory state around the buggy address: ffff88807b002f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff88807b002f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff88807b003000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff88807b003080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff88807b003100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Above issue happens as ext4_xattr_delete_inode() isn't check xattr is valid if xattr is in inode. To solve above issue call xattr_check_inode() check if xattr if valid in inode. In fact, we can directly verify in ext4_iget_extra_inode(), so that there is no divergent verification.

Package Linux Kernel

Published 2025-04-16

Last modified 2026-01-19

CVSS version 3.1

Patch available

Yes

CVSS 3.1 score

7.1

out of 10

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Weakness type

CWE-125

CVE-2025-22121 is a Out-of-bounds Read vulnerability

What is Out-of-bounds Read?

The product reads data past the end or before the beginning of the intended buffer. Learn more on MITRE CWE

Affected versions

Linux kernel versions 4.13 and later are affected. Fixed in 5.10.248, 5.15.198, 6.1.161, 6.6.120, 6.12.59, 6.14.2, 6.15 and their respective stable series.

Affected from

≥ 4.13

Fixed in

✓ 5.10.248 5.10.x ✓ 5.15.198 5.15.x ✓ 6.1.161 6.1.x ✓ 6.6.120 6.6.x ✓ 6.12.59 6.12.x ✓ 6.14.2 6.14.x ✓ 6.15

References

The following references provide additional information about CVE-2025-22121 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/098927a13fd918bd7c64c2de905350a1ad7b4a3a
Patch
Kernel patch commit
https://git.kernel.org/stable/c/0c8fbb6ffb3c8f5164572ca88e4ccb6cd6a41ca8
Patch
Kernel patch commit
https://git.kernel.org/stable/c/27202452b0bc942fdc3db72a44c4dcdab96d5b56
Patch

7 patch commits total View all on NVD

Details

CVE ID CVE-2025-22121

Severity High

CVSS score 7.1 / 10

CVSS version 3.1

Published 2025-04-16

Modified 2026-01-19

KEV No

Patch

Yes

Package linux

Frequently asked questions

What is CVE-2025-22121?

CVE-2025-22121 is a High severity Linux kernel vulnerability with a CVSS score of 7.1 out of 10 , classified as an Out-of-bounds Read flaw (CWE-125) . It affects Linux kernel versions from 4.13 onward and has been patched in 5.10.248, 5.15.198, 6.1.161 and others. CVE-2025-22121 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2025-22121?

CVE-2025-22121 has a CVSS score of 7.1 out of 10, rated High severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H.
Is there a patch available for CVE-2025-22121?

Yes — CVE-2025-22121 has been patched. Fixed versions include 5.10.248, 5.15.198, 6.1.161 and others. If you are running Linux kernel 4.13 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-22121 actively exploited?

No — CVE-2025-22121 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is Out-of-bounds Read (CWE-125)?

The product reads data past the end or before the beginning of the intended buffer. View CWE-125 on MITRE CWE →