CVE-2025-21721
Linux Nilfs2 Directory Manipulation Error Handling Vulnerability
Description
In the Linux kernel, the following vulnerability has been resolved: nilfs2: handle errors that nilfs_prepare_chunk() may return Patch series "nilfs2: fix issues with rename operations". This series fixes BUG_ON check failures reported by syzbot around rename operations, and a minor behavioral issue where the mtime of a child directory changes when it is renamed instead of moved. This patch (of 2): The directory manipulation routines nilfs_set_link() and nilfs_delete_entry() rewrite the directory entry in the folio/page previously read by nilfs_find_entry(), so error handling is omitted on the assumption that nilfs_prepare_chunk(), which prepares the buffer for rewriting, will always succeed for these. And if an error is returned, it triggers the legacy BUG_ON() checks in each routine. This assumption is wrong, as proven by syzbot: the buffer layer called by nilfs_prepare_chunk() may call nilfs_get_block() if necessary, which may fail due to metadata corruption or other reasons. This has been there all along, but improved sanity checks and error handling may have made it more reproducible in fuzzing tests. Fix this issue by adding missing error paths in nilfs_set_link(), nilfs_delete_entry(), and their caller nilfs_rename().
INFO
Published Date :
Feb. 27, 2025, 2:15 a.m.
Last Modified :
March 13, 2025, 1:15 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Solution
- Update the Linux kernel to the latest version.
- Apply the "nilfs2: fix issues with rename operations" patch series.
- Ensure nilfs_prepare_chunk() error paths are handled correctly.
- Test for improved sanity checks and error handling.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-21721.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-21721 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-21721
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-21721 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2025-21721 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Mar. 13, 2025
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/1ee2d454baa361d2964e3e2f2cca9ee3f769d93c Added Reference https://git.kernel.org/stable/c/607dc724b162f4452dc768865e578c1a509a1c8c Added Reference https://git.kernel.org/stable/c/b38c6c260c2415c7f0968871305e7a093daabb4c Added Reference https://git.kernel.org/stable/c/f70bd2d8ca454e0ed78970f72147ca321dbaa015 -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Feb. 27, 2025
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/7891ac3b0a5c56f7148af507306308ab841cdc31 -
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Feb. 27, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: nilfs2: handle errors that nilfs_prepare_chunk() may return Patch series "nilfs2: fix issues with rename operations". This series fixes BUG_ON check failures reported by syzbot around rename operations, and a minor behavioral issue where the mtime of a child directory changes when it is renamed instead of moved. This patch (of 2): The directory manipulation routines nilfs_set_link() and nilfs_delete_entry() rewrite the directory entry in the folio/page previously read by nilfs_find_entry(), so error handling is omitted on the assumption that nilfs_prepare_chunk(), which prepares the buffer for rewriting, will always succeed for these. And if an error is returned, it triggers the legacy BUG_ON() checks in each routine. This assumption is wrong, as proven by syzbot: the buffer layer called by nilfs_prepare_chunk() may call nilfs_get_block() if necessary, which may fail due to metadata corruption or other reasons. This has been there all along, but improved sanity checks and error handling may have made it more reproducible in fuzzing tests. Fix this issue by adding missing error paths in nilfs_set_link(), nilfs_delete_entry(), and their caller nilfs_rename(). Added Reference https://git.kernel.org/stable/c/481136234dfe96c7f92770829bec6111c7c5f5dd Added Reference https://git.kernel.org/stable/c/eddd3176b8c4c83a46ab974574cda7c3dfe09388 Added Reference https://git.kernel.org/stable/c/ee70999a988b8abc3490609142f50ebaa8344432