CVE-2025-21679
MediumIn the Linux kernel, the following vulnerability has been resolved: btrfs: add the missing error handling inside get_canonical_dev_path Inside function get_canonical_dev_path(), we call d_path() to get the final device path. But d_path() can return error, and in that case the next strscpy() call will trigger an invalid memory access. Add back the missing error handling for d_path().
CVSS 3.1 score
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected versions
Linux kernel versions
6.12.5
and later are affected. No fixed version recorded yet.
References
The following references provide additional information about CVE-2025-21679 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
-
PatchKernel patch commithttps://git.kernel.org/stable/c/d0fb5741932b831eded49bfaaf33353e96200d6d
-
PatchKernel patch commithttps://git.kernel.org/stable/c/fe4de594f7a2e9bc49407de60fbd20809fad4192
Frequently asked questions
-
What is CVE-2025-21679?
CVE-2025-21679 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . It affects Linux kernel versions from 6.12.5 onward . CVE-2025-21679 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
What is the CVSS score for CVE-2025-21679?
CVE-2025-21679 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. -
Is there a patch available for CVE-2025-21679?
No patch is currently available for CVE-2025-21679. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
-
Is CVE-2025-21679 actively exploited?
No — CVE-2025-21679 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.