- Vulnerability/
- CVE-2025-21679
CVE-2025-21679
First published: Fri Jan 31 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: btrfs: add the missing error handling inside get_canonical_dev_path Inside function get_canonical_dev_path(), we call d_path() to get the final device path. But d_path() can return error, and in that case the next strscpy() call will trigger an invalid memory access. Add back the missing error handling for d_path().
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-21679?
The severity of CVE-2025-21679 is classified as moderate based on its impact on system functions.
How do I fix CVE-2025-21679?
To fix CVE-2025-21679, ensure that you have the latest patches or updates applied to the Linux kernel.
Which versions of the Linux kernel are affected by CVE-2025-21679?
CVE-2025-21679 affects multiple versions of the Linux kernel that are prior to the patch release.
What does CVE-2025-21679 impact in the Linux kernel?
CVE-2025-21679 primarily impacts the btrfs file system functionality related to device path resolution.
Is CVE-2025-21679 exploitable in remote attacks?
CVE-2025-21679 is not specifically noted for being exploitable in remote attacks but may allow local code execution under certain conditions.
- collector/nvd-api
- source/NVD
- agent/type
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/source
- agent/references
- agent/author
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/linux
- canonical/linux kernel