PT-2025-4353 · Linux+8 · Linux Kernel+8

Syzbot · Published 2025-01-07 · Updated 2026-05-26 · CVE-2025-21672

CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.12.10

Description

The issue is incorrect locking in fs/afs/addr_prefs.c in the Linux kernel, which can lead to a denial of service. When argc is less than 0, the function returns directly without releasing the inode lock it holds. The fix stores the error in ret and jumps to done to clean up instead of returning directly. The error code from afs_split_string() is also taken into account.

Recommendations

For Linux kernel versions prior to 6.12.10, update to a version that includes the fix for the merge preference rule failure condition. As a temporary workaround, consider restricting access to the vulnerable afs_proc_addr_prefs_write function until a patch is available.
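
The lock leak and its fix as described above, modelled in userspace C. This is an added example, not the kernel's code: the names model_inode, model_split, prefs_write_buggy and prefs_write_fixed are hypothetical, a counter stands in for the inode lock, and the splitter's "too many words" error is an assumed failure condition.

```c
#include <errno.h>
#include <stdio.h>
struct model_inode { int lock_depth; };  /* counter stands in for the inode lock */
static void model_lock(struct model_inode *i)   { i->lock_depth++; }
static void model_unlock(struct model_inode *i) { i->lock_depth--; }
/* Hypothetical splitter: word count, or -EINVAL when there are more than max words. */
static int model_split(const char *buf, int max)
{
    int argc = 0, in_word = 0;
    for (; *buf; buf++) {
        int sep = (*buf == ' ' || *buf == '\n');
        if (!sep && !in_word && ++argc > max) return -EINVAL;
        in_word = !sep;
    }
    return argc;
}

/* Before: the argc < 0 path returns directly, so the lock stays held. */
static int prefs_write_buggy(struct model_inode *inode, const char *buf)
{
    model_lock(inode);
    int argc = model_split(buf, 4);
    if (argc < 0) return argc;          /* lock leaked here */
    model_unlock(inode);
    return argc < 2 ? -EINVAL : 0;      /* model rule: at least two words */
}

/* After: the error goes into ret and every exit passes through done. */
static int prefs_write_fixed(struct model_inode *inode, const char *buf)
{
    int ret;
    model_lock(inode);
    int argc = model_split(buf, 4);
    if (argc < 0) {
        ret = argc;                     /* keep the splitter's error code */
        goto done;
    }
    ret = argc < 2 ? -EINVAL : 0;
done:
    model_unlock(inode);
    return ret;
}

int main(void)
{
    struct model_inode a = {0}, b = {0};  /* input below is constructed: 5 words, max 4 */
    int ra = prefs_write_buggy(&a, "a b c d e"), rb = prefs_write_fixed(&b, "a b c d e");
    printf("buggy: ret=%d depth=%d  fixed: ret=%d depth=%d\n", ra, a.lock_depth, rb, b.lock_depth);
    return 0;
}
```

Both variants return the same error to the caller; only the lock depth afterwards differs, which is why the leak is detected by lock checking rather than by the write's return value.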

Exploit

Fix

DoS

Improper Locking

Weakness Enumeration

Related Identifiers

ALSA-2025:20518
ALT-PU-2025-12647
ALT-PU-2025-3467
AZL-56285
AZL-56327
BDU:2025-01481
CVE-2025-21672
INFSA-2025_20518
RHSA-2025:20518
RHSA-2025_20518
USN-7445-1
USN-7448-1
USN-7595-1
USN-7595-2
USN-7595-3
USN-7595-4
USN-7595-5
USN-7596-1
USN-7596-2
USN-7653-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Ubuntu