CVE & CISA-KEV Catalog

CVE-2025-21679

MEDIUM
5.5
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: add the missing error handling inside get_canonical_dev_path Inside function get_canonical_dev_path(), we call d_path() to get the final device path. But d_path() can return error, and in that case the next strscpy() call will trigger an invalid memory access. Add back the missing error handling for d_path().

How to fix

Remediation Available
linuxDebian
Fixed in:6.12.11-1CVE-2025-21679
Fixed in:6.12.11-1CVE-2025-21679

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.17%probability of exploitation in 30 days
7thpercentile

Low risk: more likely to be exploited than 7% of all known CVEs.

References

Embed a live status badge for CVE-2025-21679
CVE-2025-21679 severity badge

Markdown

[![CVE-2025-21679](https://tridentstack.com/cve/badge/CVE-2025-21679.svg)](https://tridentstack.com/cve/CVE-2025-21679)

HTML

<a href="https://tridentstack.com/cve/CVE-2025-21679"><img src="https://tridentstack.com/cve/badge/CVE-2025-21679.svg" alt="CVE-2025-21679"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-10-15.