U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2025-21721 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: nilfs2: handle errors that nilfs_prepare_chunk() may return Patch series "nilfs2: fix issues with rename operations". This series fixes BUG_ON check failures reported by syzbot around rename operations, and a minor behavioral issue where the mtime of a child directory changes when it is renamed instead of moved. This patch (of 2): The directory manipulation routines nilfs_set_link() and nilfs_delete_entry() rewrite the directory entry in the folio/page previously read by nilfs_find_entry(), so error handling is omitted on the assumption that nilfs_prepare_chunk(), which prepares the buffer for rewriting, will always succeed for these. And if an error is returned, it triggers the legacy BUG_ON() checks in each routine. This assumption is wrong, as proven by syzbot: the buffer layer called by nilfs_prepare_chunk() may call nilfs_get_block() if necessary, which may fail due to metadata corruption or other reasons. This has been there all along, but improved sanity checks and error handling may have made it more reproducible in fuzzing tests. Fix this issue by adding missing error paths in nilfs_set_link(), nilfs_delete_entry(), and their caller nilfs_rename().


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/1ee2d454baa361d2964e3e2f2cca9ee3f769d93c kernel.org Patch 
https://git.kernel.org/stable/c/481136234dfe96c7f92770829bec6111c7c5f5dd kernel.org Patch 
https://git.kernel.org/stable/c/607dc724b162f4452dc768865e578c1a509a1c8c kernel.org Patch 
https://git.kernel.org/stable/c/7891ac3b0a5c56f7148af507306308ab841cdc31 kernel.org Patch 
https://git.kernel.org/stable/c/b38c6c260c2415c7f0968871305e7a093daabb4c kernel.org Patch 
https://git.kernel.org/stable/c/eddd3176b8c4c83a46ab974574cda7c3dfe09388 kernel.org Patch 
https://git.kernel.org/stable/c/ee70999a988b8abc3490609142f50ebaa8344432 kernel.org Patch 
https://git.kernel.org/stable/c/f70bd2d8ca454e0ed78970f72147ca321dbaa015 kernel.org Patch 
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html CVE
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html CVE

Weakness Enumeration

CWE-ID CWE Name Source
CWE-617 Reachable Assertion cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

5 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2025-21721
NVD Published Date:
02/26/2025
NVD Last Modified:
11/03/2025
Source:
kernel.org