CVE-2025-21679

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-21679
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21679.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-21679
Downstream
Published
2025-01-31T11:25:40Z
Modified
2025-10-17T21:17:01.077582Z
Summary
btrfs: add the missing error handling inside get_canonical_dev_path
Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: add the missing error handling inside getcanonicaldev_path

Inside function getcanonicaldevpath(), we call dpath() to get the final device path.

But d_path() can return error, and in that case the next strscpy() call will trigger an invalid memory access.

Add back the missing error handling for d_path().

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5d261f60b5c82ba1e4b5555252e1c90c43d96015
Fixed
d0fb5741932b831eded49bfaaf33353e96200d6d
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7e06de7c83a746e58d4701e013182af133395188
Fixed
fe4de594f7a2e9bc49407de60fbd20809fad4192

Affected versions

v6.*

v6.12.10
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.12.5
Fixed
6.12.11