Fixed
Created: Nov 12, 2025
Updated: Nov 25, 2025
Resolved Date: Nov 24, 2025
Found In Version: 10.25.33.1
Fix Version: 10.25.33.3
Severity: Standard
Applicable for: Wind River Linux LTS 25
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]ext4: detect invalid INLINE_DATA + EXTENTS flag combination[EOL][EOL]syzbot reported a BUG_ON in ext4_es_cache_extent() when opening a verity[EOL]file on a corrupted ext4 filesystem mounted without a journal.[EOL][EOL]The issue is that the filesystem has an inode with both the INLINE_DATA[EOL]and EXTENTS flags set:[EOL][EOL] EXT4-fs error (device loop0): ext4_cache_extents:545: inode #15:[EOL] comm syz.0.17: corrupted extent tree: lblk 0 < prev 66[EOL][EOL]Investigation revealed that the inode has both flags set:[EOL] DEBUG: inode 15 - flag=1, i_inline_off=164, has_inline=1, extents_flag=1[EOL][EOL]This is an invalid combination since an inode should have either:[EOL]- INLINE_DATA: data stored directly in the inode[EOL]- EXTENTS: data stored in extent-mapped blocks[EOL][EOL]Having both flags causes ext4_has_inline_data() to return true, skipping[EOL]extent tree validation in __ext4_iget(). The unvalidated out-of-order[EOL]extents then trigger a BUG_ON in ext4_es_cache_extent() due to integer[EOL]underflow when calculating hole sizes.[EOL][EOL]Fix this by detecting this invalid flag combination early in ext4_iget()[EOL]and rejecting the corrupted inode.
