0.0
NA
CVE-2025-21646
"Linux AFS Denial of Service"
Description

In the Linux kernel, the following vulnerability has been resolved: afs: Fix the maximum cell name length The kafs filesystem limits the maximum length of a cell to 256 bytes, but a problem occurs if someone actually does that: kafs tries to create a directory under /proc/net/afs/ with the name of the cell, but that fails with a warning: WARNING: CPU: 0 PID: 9 at fs/proc/generic.c:405 because procfs limits the maximum filename length to 255. However, the DNS limits the maximum lookup length and, by extension, the maximum cell name, to 255 less two (length count and trailing NUL). Fix this by limiting the maximum acceptable cellname length to 253. This also allows us to be sure we can create the "/afs/.<cell>/" mountpoint too. Further, split the YFS VL record cell name maximum to be the 256 allowed by the protocol and ignore the record retrieved by YFSVL.GetCellName if it exceeds 253.

INFO

Published Date :

Jan. 19, 2025, 11:15 a.m.

Last Modified :

Feb. 2, 2025, 11:15 a.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

Exploitability Score :

Public PoC/Exploit Available at Github

CVE-2025-21646 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2025-21646 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-21646.

URL Resource
https://git.kernel.org/stable/c/7673030efe0f8ca1056d3849d61784c6caa052af
https://git.kernel.org/stable/c/7922b1f058fe24a93730511dd0ae2e1630920096
https://git.kernel.org/stable/c/7cb3e77e9b4e6ffa325a5559393d3283c9af3d01
https://git.kernel.org/stable/c/8fd56ad6e7c90ac2bddb0741c6b248c8c5d56ac8
https://git.kernel.org/stable/c/9340385468d056bb700b8f28df236b81fc86a079
https://git.kernel.org/stable/c/aabe47cf5ac5e1db2ae0635f189d836f67024904

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
w4zu/Debian_security

DSA and DLA for Debian last 14 days

Python

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : Feb. 12, 2025, 2:08 p.m. This repo has been linked 125 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-21646 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2025-21646 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Feb. 02, 2025

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/9340385468d056bb700b8f28df236b81fc86a079
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jan. 23, 2025

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/7cb3e77e9b4e6ffa325a5559393d3283c9af3d01
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jan. 19, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: afs: Fix the maximum cell name length The kafs filesystem limits the maximum length of a cell to 256 bytes, but a problem occurs if someone actually does that: kafs tries to create a directory under /proc/net/afs/ with the name of the cell, but that fails with a warning: WARNING: CPU: 0 PID: 9 at fs/proc/generic.c:405 because procfs limits the maximum filename length to 255. However, the DNS limits the maximum lookup length and, by extension, the maximum cell name, to 255 less two (length count and trailing NUL). Fix this by limiting the maximum acceptable cellname length to 253. This also allows us to be sure we can create the "/afs/.<cell>/" mountpoint too. Further, split the YFS VL record cell name maximum to be the 256 allowed by the protocol and ignore the record retrieved by YFSVL.GetCellName if it exceeds 253.
    Added Reference https://git.kernel.org/stable/c/7673030efe0f8ca1056d3849d61784c6caa052af
    Added Reference https://git.kernel.org/stable/c/7922b1f058fe24a93730511dd0ae2e1630920096
    Added Reference https://git.kernel.org/stable/c/8fd56ad6e7c90ac2bddb0741c6b248c8c5d56ac8
    Added Reference https://git.kernel.org/stable/c/aabe47cf5ac5e1db2ae0635f189d836f67024904
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-21646 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-21646 weaknesses.

NONE - Vulnerability Scoring System
: