CVE-2025-21672

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
31/01/2025
Last modified:
03/02/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> afs: Fix merge preference rule failure condition<br /> <br /> syzbot reported a lock held when returning to userspace[1]. This is<br /> because if argc is less than 0 and the function returns directly, the held<br /> inode lock is not released.<br /> <br /> Fix this by store the error in ret and jump to done to clean up instead of<br /> returning directly.<br /> <br /> [dh: Modified Lizhi Xu&amp;#39;s original patch to make it honour the error code<br /> from afs_split_string()]<br /> <br /> [1]<br /> WARNING: lock held when returning to user space!<br /> 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 Not tainted<br /> ------------------------------------------------<br /> syz-executor133/5823 is leaving the kernel with locks still held!<br /> 1 lock held by syz-executor133/5823:<br /> #0: ffff888071cffc00 (&amp;sb-&gt;s_type-&gt;i_mutex_key#9){++++}-{4:4}, at: inode_lock include/linux/fs.h:818 [inline]<br /> #0: ffff888071cffc00 (&amp;sb-&gt;s_type-&gt;i_mutex_key#9){++++}-{4:4}, at: afs_proc_addr_prefs_write+0x2bb/0x14e0 fs/afs/addr_prefs.c:388

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.12.11 (excluding)
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*