#VU103923 Resource management error in Linux kernel - CVE-2025-21699
Vulnerability identifier: #VU103923
Vulnerability risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the do_gfs2_set_flags() function in fs/gfs2/file.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/2a40a140e11fec699e128170ccaa98b6b82cb503
https://git.kernel.org/stable/c/2b0bd5051ad1c1e9ef4879f18e15a7712c974f3e
https://git.kernel.org/stable/c/4516febe325342555bb09ca5b396fb816d655821
https://git.kernel.org/stable/c/4dd57d1f0e9844311c635a7fb39abce4f2ac5a61
https://git.kernel.org/stable/c/4e3ded34f3f3c9d7ed2aac7be8cf51153646574a
https://git.kernel.org/stable/c/5bb1fd0855bb0abc7d97e44758d6ffed7882d2d0
https://git.kernel.org/stable/c/7c9d9223802fbed4dee1ae301661bf346964c9d2
https://git.kernel.org/stable/c/8c41abc11aa8438c9ed2d973f97e66674c0355df
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
