CVE-2025-71072

EPSS 0.02%
Veröffentlicht 13.01.2026 15:31:26
Zuletzt bearbeitet 14.01.2026 16:26:00
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

shmem: fix recovery on rename failures

maple_tree insertions can fail if we are seriously short on memory;
simple_offset_rename() does not recover well if it runs into that.
The same goes for simple_offset_rename_exchange().

Moreover, shmem_whiteout() expects that if it succeeds, the caller will
progress to d_move(), i.e. that shmem_rename2() won't fail past the
successful call of shmem_whiteout().

Not hard to fix, fortunately - mtree_store() can't fail if the index we
are trying to store into is already present in the tree as a singleton.

For simple_offset_rename_exchange() that's enough - we just need to be
careful about the order of operations.

For simple_offset_rename() solution is to preinsert the target into the
tree for new_dir; the rest can be done without any potentially failing
operations.

That preinsertion has to be done in shmem_rename2() rather than in
simple_offset_rename() itself - otherwise we'd need to deal with the
possibility of failure after successful shmem_whiteout().

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 4b0fe71fb3965d0db83cdfc2f4fe0b3227d70113

Version a2e459555c5f9da3e619b7e47a63f98574dc75f1

Status affected

Version < 4642686699a46718d7f2fb5acd1e9d866a9d9cca

Version a2e459555c5f9da3e619b7e47a63f98574dc75f1

Status affected

Version < e1b4c6a58304fd490124cc2b454d80edc786665c

Version a2e459555c5f9da3e619b7e47a63f98574dc75f1

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.6

Status affected

Version < 6.6

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.64

Status unaffected

Version <= 6.18.*

Version 6.18.3

Status unaffected

Version <= *

Version 6.19-rc2

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.05

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/4b0fe71fb3965d0db83cdfc2f4fe0b3227d70113

https://git.kernel.org/stable/c/4642686699a46718d7f2fb5acd1e9d866a9d9cca

https://git.kernel.org/stable/c/e1b4c6a58304fd490124cc2b454d80edc786665c

https://nvd.nist.gov/vuln/detail/CVE-2025-71072

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-71072

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-71072

EUVD