CVE-2025-21679
MEDIUM EPSS 6.6%
Published Jan 31, 2025 (1y ago) · Modified Jun 17, 2026 (1w ago)
5.5 CVSS 3.1
Description
In the Linux kernel, the following vulnerability has been resolved:

btrfs: add the missing error handling inside get_canonical_dev_path

Inside function get_canonical_dev_path(), we call d_path() to get the final device path. But d_path() can return an error, and in that case the next strscpy() call will trigger an invalid memory access.

Add back the missing error handling for d_path().
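The failure mode described above, modeled in userspace C as an added example (this is not the kernel's code or the upstream patch). model_d_path(), the 32-byte buffer and both canonical_path_* functions are hypothetical stand-ins, and the ERR_PTR()/IS_ERR()/PTR_ERR() helpers are simplified re-implementations of the kernel macros.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace stand-ins for the kernel's error-pointer helpers (assumption). */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static inline long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static inline int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

/* Hypothetical model of d_path(): builds the string at the END of buf and
 * returns a pointer into it, or an errno encoded as a pointer if it does not fit. */
static char *model_d_path(const char *name, char *buf, size_t buflen)
{
    size_t need = strlen(name) + 1;
    if (need > buflen)
        return ERR_PTR(-ENAMETOOLONG);
    return memcpy(buf + buflen - need, name, need);
}

/* Pattern from the description: the result is used unchecked, so on failure
 * the copy reads from address (void *)-ENAMETOOLONG. Never called here. */
int canonical_path_unchecked(const char *name, char *out, size_t outlen)
{
    char tmp[32];
    char *resolved = model_d_path(name, tmp, sizeof(tmp));
    snprintf(out, outlen, "%s", resolved);
    return 0;
}

/* Hardened pattern: test IS_ERR() and propagate the errno before any copy. */
int canonical_path_checked(const char *name, char *out, size_t outlen)
{
    char tmp[32];
    char *resolved = model_d_path(name, tmp, sizeof(tmp));
    if (IS_ERR(resolved))
        return (int)PTR_ERR(resolved);
    if (strlen(resolved) >= outlen)
        return -E2BIG; /* strscpy() reports truncation as -E2BIG */
    strcpy(out, resolved);
    return 0;
}

int main(void)
{
    char out[64]; /* constructed over-long input: prints -ENAMETOOLONG */
    printf("%d\n", canonical_path_checked("/a/very/long/device/path/that/overflows", out, sizeof(out)));
    return 0;
}
```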
CVSS Details
Base Score
Exploitability
Impact
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
6.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 8
References 2
- git.kernel.org https://git.kernel.org/stable/c/d0fb5741932b831eded49bfaaf33353e96200d6d
- git.kernel.org https://git.kernel.org/stable/c/fe4de594f7a2e9bc49407de60fbd20809fad4192
Remediation
- git.kernel.org https://git.kernel.org/stable/c/d0fb5741932b831eded49bfaaf33353e96200d6d
- git.kernel.org https://git.kernel.org/stable/c/fe4de594f7a2e9bc49407de60fbd20809fad4192