← back
CVE-2025-21667

iomap: avoid avoid truncating 64-bit offset to 32 bits

CVSS 5.5 MEDIUMEPSS 0.2%CWE-835
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
31 Jan 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved: iomap: avoid avoid truncating 64-bit offset to 32 bits on 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a 32-bit position due to folio_next_index() returning an unsigned long. This could lead to an infinite loop when writing to an xfs filesystem.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products
Linux · Linux

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://git.kernel.org/stable/c/402ce16421477e27f30b57d6d1a6dc248fa3a4e4https://git.kernel.org/stable/c/7ca4bd6b754913910151acce00be093f03642725https://git.kernel.org/stable/c/91371922704c8d82049ef7c2ad974d0a2cd1174dhttps://git.kernel.org/stable/c/c13094b894de289514d84b8db56d1f2931a0badehttps://lists.debian.org/debian-lts-announce/2025/03/msg00001.html