CVE-2025-71295 PUBLISHED

fs/buffer: add alert in try_to_free_buffers() for folios without buffers

Assigner: Linux
Reserved: 06.05.2026 Published: 06.05.2026 Updated: 06.05.2026

In the Linux kernel, the following vulnerability has been resolved:

fs/buffer: add alert in try_to_free_buffers() for folios without buffers

try_to_free_buffers() can be called on folios with no buffers attached when filemap_release_folio() is invoked on a folio belonging to a mapping with AS_RELEASE_ALWAYS set but no release_folio operation defined.

In such cases, folio_needs_release() returns true because of the AS_RELEASE_ALWAYS flag, but the folio has no private buffer data. This causes try_to_free_buffers() to call drop_buffers() on a folio with no buffers, leading to a null pointer dereference.

Adding a check in try_to_free_buffers() to return early if the folio has no buffers attached, with WARN_ON_ONCE() to alert about the misconfiguration. This provides defensive hardening.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 1b111a69a6e33a922622bf9870e4e63fb2b649c8 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to c1b6227555c52781178132b7a06466711855795c (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 727e5140e0cf83b4ce6a11b89bb73bff5d96f8f3 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 42c32d7571ccd8ef32351cac506f00b0fae99fd2 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to c6246ca15999053d2632fbcc7b86e6eef7f077cb (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to b68f91ef3b3fe82ad78c417de71b675699a8467c (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • unaffected from 6.1.165 to 6.1.* (incl.)
  • unaffected from 6.6.128 to 6.6.* (incl.)
  • unaffected from 6.12.75 to 6.12.* (incl.)
  • unaffected from 6.18.16 to 6.18.* (incl.)
  • unaffected from 6.19.6 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References