CVE-2025-71072

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/01/2026
Last modified:
25/03/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> shmem: fix recovery on rename failures<br /> <br /> maple_tree insertions can fail if we are seriously short on memory;<br /> simple_offset_rename() does not recover well if it runs into that.<br /> The same goes for simple_offset_rename_exchange().<br /> <br /> Moreover, shmem_whiteout() expects that if it succeeds, the caller will<br /> progress to d_move(), i.e. that shmem_rename2() won&amp;#39;t fail past the<br /> successful call of shmem_whiteout().<br /> <br /> Not hard to fix, fortunately - mtree_store() can&amp;#39;t fail if the index we<br /> are trying to store into is already present in the tree as a singleton.<br /> <br /> For simple_offset_rename_exchange() that&amp;#39;s enough - we just need to be<br /> careful about the order of operations.<br /> <br /> For simple_offset_rename() solution is to preinsert the target into the<br /> tree for new_dir; the rest can be done without any potentially failing<br /> operations.<br /> <br /> That preinsertion has to be done in shmem_rename2() rather than in<br /> simple_offset_rename() itself - otherwise we&amp;#39;d need to deal with the<br /> possibility of failure after successful shmem_whiteout().

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.6.1 (including) 6.12.64 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.18.3 (excluding)
cpe:2.3:o:linux:linux_kernel:6.6:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*