In the Linux kernel, the following vulnerability has been...

Unreviewed Published Jan 31, 2025 to the GitHub Advisory Database

Package

No package listed

Affected versions

Unknown

Patched versions

Unknown

Description

In the Linux kernel, the following vulnerability has been resolved:

btrfs: add the missing error handling inside get_canonical_dev_path

Inside function get_canonical_dev_path(), we call d_path() to get the
final device path.

But d_path() can return an error, and in that case the next strscpy() call
will trigger an invalid memory access.

Add back the missing error handling for d_path().

References

Published by the National Vulnerability Database Jan 31, 2025
Published to the GitHub Advisory Database Jan 31, 2025

Severity

Unknown

EPSS score

Weaknesses

No CWEs

CVE ID

CVE-2025-21679

GHSA ID

GHSA-vh4g-mh2m-pgg3

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.
