Linux Kernel Vulnerability Leading to Infinite Loop on XFS Filesystem
CVE-2025-21665

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 31 January 2025

Summary

A vulnerability in the Linux kernel's file handling mechanism caused 32-bit truncation of a 64-bit offset, specifically within the folio_seek_hole_data() function. This oversight can potentially trigger an infinite loop when operations are performed on XFS filesystems, leading to system instability and performance issues. It’s crucial for users and administrators to be aware of this issue and apply appropriate patches to prevent exploitation.

Affected Version(s)

Linux 54fa39ac2e00b1b8c2a7fe72e648773ffa48f76d < 64e5fd96330df2ad278d1c4edcca581f26e5f76e

Linux 54fa39ac2e00b1b8c2a7fe72e648773ffa48f76d < 80fc836f3ebe2f2d2d2c80c698b7667974285a04

Linux 54fa39ac2e00b1b8c2a7fe72e648773ffa48f76d < 09528bb1a4123e2a234eac2bc45a0e51e78dab43

References

https://git.kernel.org/stable/c/64e5fd96330df2ad278d1c4ed...

https://git.kernel.org/stable/c/80fc836f3ebe2f2d2d2c80c69...

https://git.kernel.org/stable/c/09528bb1a4123e2a234eac2bc...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Dec 29, 2024