CVE-2025-21679

Severity: Medium (CVSS 3.1 base score 5.5)
EPSS: 6.6%
Published Jan 31, 2025 (1y ago) · Last Modified Jun 17, 2026 (1w ago)

Description

In the Linux kernel, the following vulnerability has been resolved:

btrfs: add the missing error handling inside get_canonical_dev_path

Inside function get_canonical_dev_path(), we call d_path() to get the final device path. But d_path() can return an error, and in that case the next strscpy() call will trigger an invalid memory access. Add back the missing error handling for d_path().

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
6.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 8

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥6.12.5 – <6.12.11
linux    linux_kernel   6.13      any
linux    linux_kernel   6.13      any
linux    linux_kernel   6.13      any
linux    linux_kernel   6.13      any
linux    linux_kernel   6.13      any
linux    linux_kernel   6.13      any
linux    linux_kernel   6.13      any

References 2

  • git.kernel.org https://git.kernel.org/stable/c/d0fb5741932b831eded49bfaaf33353e96200d6d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fe4de594f7a2e9bc49407de60fbd20809fad4192
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/d0fb5741932b831eded49bfaaf33353e96200d6d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fe4de594f7a2e9bc49407de60fbd20809fad4192
    Patch