#VU103594 Infinite loop in Linux kernel - CVE-2025-21665

Cybersecurity Help s.r.o.

Published: 2025-02-04

Vulnerability identifier: #VU103594

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21665

CWE-ID: CWE-835

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the folio_seek_hole_data() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/09528bb1a4123e2a234eac2bc45a0e51e78dab43
https://git.kernel.org/stable/c/280f1fb89afc01e7376f59ae611d54ca69e9f967
https://git.kernel.org/stable/c/64e5fd96330df2ad278d1c4edcca581f26e5f76e
https://git.kernel.org/stable/c/80fc836f3ebe2f2d2d2c80c698b7667974285a04
https://git.kernel.org/stable/c/f505e6c91e7a22d10316665a86d79f84d9f0ba76

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for linux-azure-5.15

Ubuntu update for linux-hwe-5.15

Ubuntu update for linux-nvidia-tegra

Ubuntu update for linux-xilinx-zynqmp

Ubuntu update for linux-intel-iot-realtime

Ubuntu update for linux-aws-fips

Ubuntu update for linux

Ubuntu update for linux-aws-5.15

SUSE update for the Linux Kernel