摘要:
In the Linux kernel, the following vulnerability has been resolved:
btrfs: add the missing error handling inside get_canonical_dev_path
Inside function get_canonical_dev_path(), we call d_path() to get the
final device path.
But d_path() can return error, and in that case the next strscpy() call
will trigger an invalid memory access.
Add back the missing error handling for d_path().
安全等级: Low
公告ID: KylinSec-SA-2025-1237
发布日期: 2025年3月4日
关联CVE: CVE-2025-21679
In the Linux kernel, the following vulnerability has been resolved:
btrfs: add the missing error handling inside get_canonical_dev_path
Inside function get_canonical_dev_path(), we call d_path() to get the
final device path.
But d_path() can return error, and in that case the next strscpy() call
will trigger an invalid memory access.
Add back the missing error handling for d_path().
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2025-21679 | KY3.4-5A | kernel | Unaffected |
| CVE-2025-21679 | V6 | kernel | Unaffected |
