PT-2025-4335 · Linux+3 · Linux Kernel+3
Dmitry Safonov · Published 2025-01-05 · Updated 2025-10-03
CVE-2025-21654
CVSS v2.0: 5.7 (Medium)
Vector: AV:L/AC:L/Au:S/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
A vulnerability has been resolved in the Linux kernel related to the overlayfs file system. The issue arises when the ovl_encode_fh() function fails to encode a file handle from a non-aliased inode, leading to a failure to report an fid with FAN_DELETE_SELF fanotify events. The WARN_ON() assertion in inotify_show_fdinfo() was removed because it is possible for encoding a file handle to fail for other reasons. The impact of failing to encode an overlayfs file handle goes beyond this assertion. The ovl_encode_fh() function seldom uses the alias, and in the case of non-decodable file handles, it never needs to use the alias to encode a file handle. The fix defers finding an alias until it is actually needed, so ovl_encode_fh() will not fail in the common case of FAN_DELETE_SELF fanotify events.
Recommendations
To resolve the issue, update to Linux kernel version 6.6.74 or later. As a temporary workaround, consider disabling the ovl_encode_fh() function until a patch is available. Restrict access to the vulnerable inotify_show_fdinfo() function to minimize the risk of exploitation. Avoid using the inotify_show_fdinfo() function for overlayfs watched inodes with discarded dentry aliases until the issue is resolved.
Exploit
Fix
Assertion Failure
RCE
Affected Products
Alt Linux
Linuxmint
Linux Kernel
Ubuntu