CVE-2025-21667

EUVD-2025-2616
In the Linux kernel, the following vulnerability has been resolved:

iomap: avoid avoid truncating 64-bit offset to 32 bits

on 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a
32-bit position due to folio_next_index() returning an unsigned long.
This could lead to an infinite loop when writing to an xfs filesystem.
Infinite Loop
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
𝑥
< 6.1.127
linuxlinux_kernel
6.2 ≤
𝑥
< 6.6.74
linuxlinux_kernel
6.7 ≤
𝑥
< 6.12.11
linuxlinux_kernel
6.13:rc1
linuxlinux_kernel
6.13:rc2
linuxlinux_kernel
6.13:rc3
linuxlinux_kernel
6.13:rc4
linuxlinux_kernel
6.13:rc5
linuxlinux_kernel
6.13:rc6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.159-1
fixed
bookworm (security)
6.1.162-1
fixed
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.249-1
fixed
forky
6.18.15-1
fixed
sid
6.18.15-1
fixed
trixie
6.12.63-1
fixed
trixie (security)
6.12.73-1
fixed
linux-6.1
bullseye (security)
6.1.162-1~deb11u1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/402ce16421477e27f30b57d6d1a6dc248fa3a4e4
https://git.kernel.org/stable/c/7ca4bd6b754913910151acce00be093f03642725
https://git.kernel.org/stable/c/91371922704c8d82049ef7c2ad974d0a2cd1174d
https://git.kernel.org/stable/c/c13094b894de289514d84b8db56d1f2931a0bade
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html