CVE-2025-21988

high

Description

In the Linux kernel, the following vulnerability has been resolved: fs/netfs/read_collect: add to next->prev_donated If multiple subrequests donate data to the same "next" request (depending on the subrequest completion order), each of them would overwrite the `prev_donated` field, causing data corruption and a BUG() crash ("Can't donate prior to front").

References

https://git.kernel.org/stable/c/e2d46f2ec332533816417b60933954173f602121

https://git.kernel.org/stable/c/e25cec3b76aba47a49138d2162fc809c6cd49c9e

https://git.kernel.org/stable/c/62b9ad7e52d4777f7e775ee1f0ad2452f6041024

Details

Source: Mitre, NVD

Published: 2025-04-02

Updated: 2025-10-10

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Severity: High

EPSS

EPSS: 0.00018