CVE-2025-21988

Summary

In the Linux kernel, the following vulnerability has been resolved:

fs/netfs/read_collect: add to next->prev_donated

If multiple subrequests donate data to the same "next" request (depending on the subrequest completion order), each of them would overwrite the prev_donated field, causing data corruption and a BUG() crash ("Can't donate prior to front").

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxee4cdf7ba857a894ad1650d6ab77669cbbfa329e < 62b9ad7e52d4777f7e775ee1f0ad2452f6041024affected
LinuxLinuxee4cdf7ba857a894ad1650d6ab77669cbbfa329e < e25cec3b76aba47a49138d2162fc809c6cd49c9eaffected
LinuxLinuxee4cdf7ba857a894ad1650d6ab77669cbbfa329e < e2d46f2ec332533816417b60933954173f602121affected
LinuxLinux6.12affected
LinuxLinux0 < 6.12unaffected
LinuxLinux6.12.20 <= 6.12.*unaffected
LinuxLinux6.13.8 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

References