Linux Kernel Vulnerability in iomap Affecting XFS Filesystem
CVE-2025-21667

5.5 MEDIUM

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 31 January 2025

What is CVE-2025-21667?

A vulnerability in the Linux kernel's iomap subsystem affects file write handling on 32-bit architectures. The function iomap_write_delalloc_scan() inadvertently used a 32-bit position derived from folio_next_index(), which could lead to infinite loops during write operations on XFS filesystems. The flaw shows why file positions need an appropriately wide data type: a position that cannot represent the full offset range causes unexpected behavior during file writes.
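The truncation pattern described above, as an added user-space model (not kernel code and not taken from the kernel fix). The names scan_range, next_pos_truncated and next_pos_widened, the 4 KiB page size and the sample range are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12            /* assumed 4 KiB pages */
#define MAX_STEPS  64            /* demo guard so the model always terminates */

typedef uint32_t pgoff32_t;      /* models unsigned long on a 32-bit kernel */

/* Flawed pattern: the shift is done in 32 bits and widened afterwards. */
static int64_t next_pos_truncated(pgoff32_t next_index)
{
    return (int64_t)(uint32_t)(next_index << PAGE_SHIFT);
}

/* Corrected pattern: widen to 64 bits first, then shift. */
static int64_t next_pos_widened(pgoff32_t next_index)
{
    return (int64_t)next_index << PAGE_SHIFT;
}

/* Walk [start, end) one page at a time. Returns the number of steps,
 * or -1 when the position stops advancing (where an unguarded loop spins). */
static int scan_range(int64_t start, int64_t end, int64_t (*next_pos)(pgoff32_t))
{
    int64_t pos = start;
    int steps = 0;

    while (pos < end) {
        pgoff32_t next_index = (pgoff32_t)(pos >> PAGE_SHIFT) + 1;
        int64_t next = next_pos(next_index);

        if (next <= pos || ++steps > MAX_STEPS)
            return -1;
        pos = next;
    }
    return steps;
}

int main(void)
{
    /* Constructed range straddling the 4 GiB boundary. */
    int64_t start = 0xFFFFE000LL, end = 0x100002000LL;

    printf("truncated: %d\n", scan_range(start, end, next_pos_truncated));
    printf("widened:   %d\n", scan_range(start, end, next_pos_widened));
    return 0;
}
```

In the truncated variant the computed position wraps to 0 once the page index reaches the 4 GiB boundary, so the scan position can never reach the end of the range.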

Affected Version(s)

Linux 38be53c3fd7f4f4bd5de319a323d72f9f6beb16d < 7ca4bd6b754913910151acce00be093f03642725

Linux f43dc4dc3eff028b5ddddd99f3a66c5a6bdd4e78 < 91371922704c8d82049ef7c2ad974d0a2cd1174d

Linux f43dc4dc3eff028b5ddddd99f3a66c5a6bdd4e78 < 402ce16421477e27f30b57d6d1a6dc248fa3a4e4

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
