In the Linux kernel, the following vulnerability has been resolved:
ovl: support encoding fid from inode with no alias
Dmitry Safonov reported that a WARN_ON() assertion can be triggered by userspace when calling inotify_show_fdinfo() for an overlayfs watched inode, whose dentry aliases were discarded with drop_caches.
The WARN_ON() assertion in inotify_show_fdinfo() was removed, because it is possible for encoding a file handle to fail for other reasons, but the impact of failing to encode an overlayfs file handle goes beyond this assertion.
As shown in the LTP test case mentioned in the link below, failure to encode an overlayfs file handle from a non-aliased inode also leads to failure to report an fid with FAN_DELETE_SELF fanotify events.
As Dmitry notes in his analysis of the problem, ovl_encode_fh() fails if it cannot find an alias for the inode, but this failure can be fixed. ovl_encode_fh() seldom uses the alias and in the case of non-decodable file handles, as is often the case with fanotify fid info, ovl_encode_fh() never needs to use the alias to encode a file handle.
Defer finding an alias until it is actually needed so ovl_encode_fh() will not fail in the common case of FAN_DELETE_SELF fanotify events.
[
{
"signature_type": "Function",
"target": {
"function": "ovl_check_encode_origin",
"file": "fs/overlayfs/export.c"
},
"digest": {
"length": 467.0,
"function_hash": "1589270734184084506145133184989799043"
},
"deprecated": false,
"id": "CVE-2025-21654-14da9ce2",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c45beebfde34aa71afbc48b2c54cdda623515037",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"function": "ovl_encode_fh",
"file": "fs/overlayfs/export.c"
},
"digest": {
"length": 471.0,
"function_hash": "178109482705490712536889598585254410327"
},
"deprecated": false,
"id": "CVE-2025-21654-3f494dd8",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c7c90274ae339e1ad443c9be1c67a20b80b9c76",
"signature_version": "v1"
},
{
"signature_type": "Line",
"target": {
"file": "fs/overlayfs/export.c"
},
"digest": {
"line_hashes": [
"194127234733953746656949811119865176477",
"136568515777692494350837144903944959807",
"301145796103848680136845127956164581116",
"13194426816768815978660548735178847782",
"122477783362314991752238329124245128846",
"213154773957656498999962225049544724356",
"188298476170693179345453017511578441379",
"331630282158725580701708221316835624427",
"90670485751152414376147353150791551220",
"61560537650195986453811981972379861143",
"42436358753287451997240188521466529765",
"196490261936643911209201971310626406355",
"311220472982812296517096200665894755455",
"222532893966082492049341550244316405258",
"264266819098591409236038996924845275950",
"51278227742245437352054729451972343145",
"294139202409357280107462189559424021010",
"189581621693380832820823745854387474094",
"234094597912837518632444600870414561164",
"221867694293481169624315463886679775761",
"17901017497704263132996257857268203838",
"273958731359865898311699734095670065271",
"305683152043058760316490650487310308758",
"13989776634213178676041007640046657453",
"149068426384472047647405008465938180941",
"277939014609441362881693961202532152948",
"183802973970887596846337596940066713557",
"306853002273532627288526733693502011899",
"295989464211899371560068640110720190300",
"257872913320502611517589485315360827766",
"30964924029651849907121319914035678904",
"299055172894017591271134629251291225822",
"189393909163360998459984763245924793450",
"110147088691437005066233867352127856209",
"279618692100510654836873987852102725689",
"66879096046261323048714669381893846115",
"146474746340511887771657244895546853347",
"305090292322906961825372483368657159974",
"311618373361708171142053535895098559424",
"301240358077849745623440903252377319485",
"27606176968410964638894447572216261944",
"153231410702369271023133881959296534504",
"87586131267913818492094349174922371539",
"318399385043023592792641723189604504669",
"89038495073407921379839789651184615410",
"262982936221840007132822712783679931540",
"245963588603833357730004478181185650325"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2025-21654-55a3b4ad",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f0c0ac84de17c37e6e84da65fb920f91dada55ad",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"function": "ovl_encode_fh",
"file": "fs/overlayfs/export.c"
},
"digest": {
"length": 471.0,
"function_hash": "178109482705490712536889598585254410327"
},
"deprecated": false,
"id": "CVE-2025-21654-55f266f5",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c45beebfde34aa71afbc48b2c54cdda623515037",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"function": "ovl_dentry_to_fid",
"file": "fs/overlayfs/export.c"
},
"digest": {
"length": 587.0,
"function_hash": "187124825327709270414879949570402984394"
},
"deprecated": false,
"id": "CVE-2025-21654-587d1f68",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c7c90274ae339e1ad443c9be1c67a20b80b9c76",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"function": "ovl_check_encode_origin",
"file": "fs/overlayfs/export.c"
},
"digest": {
"length": 467.0,
"function_hash": "1589270734184084506145133184989799043"
},
"deprecated": false,
"id": "CVE-2025-21654-68d25b8e",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c7c90274ae339e1ad443c9be1c67a20b80b9c76",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"function": "ovl_encode_fh",
"file": "fs/overlayfs/export.c"
},
"digest": {
"length": 471.0,
"function_hash": "178109482705490712536889598585254410327"
},
"deprecated": false,
"id": "CVE-2025-21654-6b6e0bbe",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f0c0ac84de17c37e6e84da65fb920f91dada55ad",
"signature_version": "v1"
},
{
"signature_type": "Line",
"target": {
"file": "fs/overlayfs/export.c"
},
"digest": {
"line_hashes": [
"194127234733953746656949811119865176477",
"136568515777692494350837144903944959807",
"301145796103848680136845127956164581116",
"13194426816768815978660548735178847782",
"122477783362314991752238329124245128846",
"213154773957656498999962225049544724356",
"188298476170693179345453017511578441379",
"331630282158725580701708221316835624427",
"90670485751152414376147353150791551220",
"61560537650195986453811981972379861143",
"42436358753287451997240188521466529765",
"196490261936643911209201971310626406355",
"311220472982812296517096200665894755455",
"222532893966082492049341550244316405258",
"264266819098591409236038996924845275950",
"51278227742245437352054729451972343145",
"294139202409357280107462189559424021010",
"189581621693380832820823745854387474094",
"234094597912837518632444600870414561164",
"221867694293481169624315463886679775761",
"17901017497704263132996257857268203838",
"273958731359865898311699734095670065271",
"305683152043058760316490650487310308758",
"13989776634213178676041007640046657453",
"149068426384472047647405008465938180941",
"277939014609441362881693961202532152948",
"183802973970887596846337596940066713557",
"306853002273532627288526733693502011899",
"295989464211899371560068640110720190300",
"257872913320502611517589485315360827766",
"30964924029651849907121319914035678904",
"299055172894017591271134629251291225822",
"189393909163360998459984763245924793450",
"110147088691437005066233867352127856209",
"279618692100510654836873987852102725689",
"66879096046261323048714669381893846115",
"146474746340511887771657244895546853347",
"305090292322906961825372483368657159974",
"311618373361708171142053535895098559424",
"301240358077849745623440903252377319485",
"27606176968410964638894447572216261944",
"153231410702369271023133881959296534504",
"87586131267913818492094349174922371539",
"318399385043023592792641723189604504669",
"89038495073407921379839789651184615410",
"262982936221840007132822712783679931540",
"245963588603833357730004478181185650325"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2025-21654-83e66c1f",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c45beebfde34aa71afbc48b2c54cdda623515037",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"function": "ovl_check_encode_origin",
"file": "fs/overlayfs/export.c"
},
"digest": {
"length": 467.0,
"function_hash": "1589270734184084506145133184989799043"
},
"deprecated": false,
"id": "CVE-2025-21654-ae2a15cd",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f0c0ac84de17c37e6e84da65fb920f91dada55ad",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"function": "ovl_dentry_to_fid",
"file": "fs/overlayfs/export.c"
},
"digest": {
"length": 587.0,
"function_hash": "187124825327709270414879949570402984394"
},
"deprecated": false,
"id": "CVE-2025-21654-cf4af970",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f0c0ac84de17c37e6e84da65fb920f91dada55ad",
"signature_version": "v1"
},
{
"signature_type": "Line",
"target": {
"file": "fs/overlayfs/export.c"
},
"digest": {
"line_hashes": [
"194127234733953746656949811119865176477",
"136568515777692494350837144903944959807",
"301145796103848680136845127956164581116",
"13194426816768815978660548735178847782",
"122477783362314991752238329124245128846",
"213154773957656498999962225049544724356",
"188298476170693179345453017511578441379",
"331630282158725580701708221316835624427",
"90670485751152414376147353150791551220",
"61560537650195986453811981972379861143",
"42436358753287451997240188521466529765",
"196490261936643911209201971310626406355",
"311220472982812296517096200665894755455",
"222532893966082492049341550244316405258",
"264266819098591409236038996924845275950",
"51278227742245437352054729451972343145",
"294139202409357280107462189559424021010",
"189581621693380832820823745854387474094",
"234094597912837518632444600870414561164",
"221867694293481169624315463886679775761",
"17901017497704263132996257857268203838",
"273958731359865898311699734095670065271",
"305683152043058760316490650487310308758",
"13989776634213178676041007640046657453",
"149068426384472047647405008465938180941",
"277939014609441362881693961202532152948",
"183802973970887596846337596940066713557",
"306853002273532627288526733693502011899",
"295989464211899371560068640110720190300",
"257872913320502611517589485315360827766",
"30964924029651849907121319914035678904",
"299055172894017591271134629251291225822",
"189393909163360998459984763245924793450",
"110147088691437005066233867352127856209",
"279618692100510654836873987852102725689",
"66879096046261323048714669381893846115",
"146474746340511887771657244895546853347",
"305090292322906961825372483368657159974",
"311618373361708171142053535895098559424",
"301240358077849745623440903252377319485",
"27606176968410964638894447572216261944",
"153231410702369271023133881959296534504",
"87586131267913818492094349174922371539",
"318399385043023592792641723189604504669",
"89038495073407921379839789651184615410",
"262982936221840007132822712783679931540",
"245963588603833357730004478181185650325"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2025-21654-d1b995a1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3c7c90274ae339e1ad443c9be1c67a20b80b9c76",
"signature_version": "v1"
},
{
"signature_type": "Function",
"target": {
"function": "ovl_dentry_to_fid",
"file": "fs/overlayfs/export.c"
},
"digest": {
"length": 587.0,
"function_hash": "187124825327709270414879949570402984394"
},
"deprecated": false,
"id": "CVE-2025-21654-f3740a28",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c45beebfde34aa71afbc48b2c54cdda623515037",
"signature_version": "v1"
}
]