CVE-2025-21672: Improper Locking in Linux

CWE-667: Improper Locking | 24 documents | 6 sources
Severity
5.5 MEDIUM (NVD)
OSV: 5.9
EPSS: 0.0% (top 98.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 31
Latest update: Jul 17

Description

In the Linux kernel, the following vulnerability has been resolved:

afs: Fix merge preference rule failure condition

syzbot reported a lock held when returning to userspace[1]. This is because if argc is less than 0 and the function returns directly, the held inode lock is not released.

Fix this by storing the error in ret and jumping to done to clean up instead of returning directly.

[dh: Modified Lizhi Xu's original patch to make it honour the error code from afs_split_string()]

[1] WARNING: l

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (5 packages)

NVD: linux/linux_kernel < 6.12.11 (+1)
Debian: linux/linux_kernel < 6.12.11-1 (+1)
Ubuntu: linux/linux_kernel < 6.8.0-62.65
CVEListV5: linux/linux f94f70d39cc2d54079ebae934862198516315db2 22be1d90a6211c88dd093b25d1f3aa974d0d9f9d (+2)
debian: debian/linux < linux 6.12.11-1 (forky)

Patches

🔴 Vulnerability Details (12)

OSV: linux-hwe-6.8 vulnerabilities (2025-07-17)
OSV: linux-gcp, linux-gcp-6.8 vulnerabilities (2025-06-30)
OSV: linux-oracle, linux-oracle-6.8, linux-raspi vulnerabilities (2025-06-26)
OSV: linux-raspi-realtime vulnerabilities (2025-06-25)
OSV: linux-azure-nvidia vulnerabilities (2025-06-25)

📋 Vendor Advisories (11)

Ubuntu: Linux kernel (HWE) vulnerabilities (2025-07-17)
Ubuntu: Linux kernel vulnerabilities (2025-06-30)
Ubuntu: Linux kernel (Azure, N-Series) vulnerabilities (2025-06-25)
Ubuntu: Linux kernel (Raspberry Pi Real-time) vulnerabilities (2025-06-25)
Ubuntu: Linux kernel (Azure) vulnerabilities (2025-06-24)