#VU103051 Resource management error in Linux kernel - CVE-2025-21646


Vulnerability identifier: #VU103051

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21646

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the afs_deliver_yfsvl_get_cell_name() function in fs/afs/vlclient.c, within the afs_vl_get_cell_name() and yfs_check_canonical_cell_name() functions in fs/afs/vl_alias.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/7673030efe0f8ca1056d3849d61784c6caa052af
https://git.kernel.org/stable/c/7922b1f058fe24a93730511dd0ae2e1630920096
https://git.kernel.org/stable/c/8fd56ad6e7c90ac2bddb0741c6b248c8c5d56ac8
https://git.kernel.org/stable/c/aabe47cf5ac5e1db2ae0635f189d836f67024904

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for linux-azure-5.15
Ubuntu update for linux-hwe-5.15
Ubuntu update for linux-raspi
Ubuntu update for linux-nvidia-tegra
Ubuntu update for linux-xilinx-zynqmp
Ubuntu update for linux-intel-iot-realtime
Ubuntu update for linux-aws-fips
Ubuntu update for linux
Ubuntu update for linux-aws-5.15
Ubuntu update for linux