CVE-2025-71072

MEDIUM EPSS 2.2%
Published Jan 13, 20265mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jan 13, 2026 5mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: shmem: fix recovery on rename failures maple_tree insertions can fail if we are seriously short on memory; simple_offset_rename() does not recover well if it runs into that. The same goes for simple_offset_rename_exchange(). Moreover, shmem_whiteout() expects that if it succeeds, the caller will progress to d_move(), i.e. that shmem_rename2() won't fail past the successful call of shmem_whiteout(). Not hard to fix, fortunately - mtree_store() can't fail if the index we are trying to store into is already present in the tree as a singleton. For simple_offset_rename_exchange() that's enough - we just need to be careful about the order of operations. For simple_offset_rename() solution is to preinsert the target into the tree for new_dir; the rest can be done without any potentially failing operations. That preinsertion has to be done in shmem_rename2() rather than in simple_offset_rename() itself - otherwise we'd need to deal with the possibility of failure after successful shmem_whiteout().

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 11

VendorProductVersionRange
linuxlinux_kernel*≥6.6.1  –  <6.12.64
linuxlinux_kernel*≥6.13  –  <6.18.3
linuxlinux_kernel6.6any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/4642686699a46718d7f2fb5acd1e9d866a9d9cca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4b0fe71fb3965d0db83cdfc2f4fe0b3227d70113
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e1b4c6a58304fd490124cc2b454d80edc786665c
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/4642686699a46718d7f2fb5acd1e9d866a9d9cca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4b0fe71fb3965d0db83cdfc2f4fe0b3227d70113
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e1b4c6a58304fd490124cc2b454d80edc786665c
    Patch