CVE-2025-21699

gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag

Description

In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag Truncate an inode's address space when flipping the GFS2_DIF_JDATA flag: depending on that flag, the pages in the address space will either use buffer heads or iomap_folio_state structs, and we cannot mix the two.

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/2b0bd5051ad1c1e9ef4879f18e15a7712c974f3e patch
https://git.kernel.org/stable/c/8c41abc11aa8438c9ed2d973f97e66674c0355df patch
https://git.kernel.org/stable/c/4e3ded34f3f3c9d7ed2aac7be8cf51153646574a patch
https://git.kernel.org/stable/c/2a40a140e11fec699e128170ccaa98b6b82cb503 patch
https://git.kernel.org/stable/c/4dd57d1f0e9844311c635a7fb39abce4f2ac5a61 patch
https://git.kernel.org/stable/c/4516febe325342555bb09ca5b396fb816d655821 patch
https://git.kernel.org/stable/c/5bb1fd0855bb0abc7d97e44758d6ffed7882d2d0 patch
https://git.kernel.org/stable/c/7c9d9223802fbed4dee1ae301661bf346964c9d2 patch

Frequently Asked Questions

What is the severity of CVE-2025-21699?
CVE-2025-21699 has been scored as a medium severity vulnerability.
How to fix CVE-2025-21699?
To fix CVE-2025-21699, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-21699 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-21699 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-21699?
CVE-2025-21699 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.