AZL-59405

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59405.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-59405

Upstream

CVE-2025-21887

Published

2025-03-27T15:15:56Z

Modified

2026-04-01T05:19:28.721681Z

Summary

CVE-2025-21887 affecting package kernel for versions less than 5.15.180.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

ovl: fix UAF in ovldentryupdatereval by moving dput() in ovllink_up

The issue was caused by dput(upper) being called before ovldentryupdatereval(), while upper->dflags was still accessed in ovldentryremote().

Move dput(upper) after its last use to prevent use-after-free.

BUG: KASAN: slab-use-after-free in ovldentryremote fs/overlayfs/util.c:162 [inline] BUG: KASAN: slab-use-after-free in ovldentryupdate_reval+0xd2/0xf0 fs/overlayfs/util.c:167

Call Trace: <TASK> _dumpstack lib/dumpstack.c:88 [inline] dumpstacklvl+0x116/0x1f0 lib/dumpstack.c:114 printaddressdescription mm/kasan/report.c:377 [inline] printreport+0xc3/0x620 mm/kasan/report.c:488 kasanreport+0xd9/0x110 mm/kasan/report.c:601 ovldentryremote fs/overlayfs/util.c:162 [inline] ovldentryupdatereval+0xd2/0xf0 fs/overlayfs/util.c:167 ovllinkup fs/overlayfs/copyup.c:610 [inline] ovlcopyupone+0x2105/0x3490 fs/overlayfs/copyup.c:1170 ovlcopyupflags+0x18d/0x200 fs/overlayfs/copyup.c:1223 ovlrename+0x39e/0x18c0 fs/overlayfs/dir.c:1136 vfsrename+0xf84/0x20a0 fs/namei.c:4893 ... </TASK>

References

https://nvd.nist.gov/vuln/detail/CVE-2025-21887

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.180.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59405.json"