CVE-2025-21679

Published: Jan 31, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: add the missing error handling inside get_canonical_dev_path Inside function get_canonical_dev_path(), we call d_path() to get the final device path. But d_path() can return error, and in that case the next strscpy() call will trigger an invalid memory access. Add back the missing error handling for d_path().

Vendor	Product	Versions
Linux	Linux	affected `5d261f60b5c82ba1e4b5555252e1c90c43d96015 - < d0fb5741932b831eded49bfaaf33353e96200d6d` affected `7e06de7c83a746e58d4701e013182af133395188 - < fe4de594f7a2e9bc49407de60fbd20809fad4192`
Linux	Linux	affected `6.12.5 - < 6.12.11`

References

https://git.kernel.org/stable/c/d0fb5741932b831eded49bfaaf33353e96200d6d

https://git.kernel.org/stable/c/fe4de594f7a2e9bc49407de60fbd20809fad4192

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-21679

Description

Affected Products

References