CVE-2025-21665: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-21665 is a vulnerability in the Linux kernel that was discovered and disclosed on January 31, 2025. The issue affects the folioseekhole_data() function on 32-bit kernels, where a 64-bit value was inadvertently being truncated to 32 bits. This vulnerability affects multiple versions of the Linux kernel, including versions from 5.12 up to 6.13-rc7 (NVD).

The vulnerability occurs in the Linux kernel's filemap functionality where folioseekhole_data() function incorrectly handles 64-bit offset values on 32-bit kernels. The issue stems from improper truncation of a 64-bit value to 32 bits when performing calculations with bsz (block size) values. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access requirements and potential high impact on availability (Red Hat).

When exploited, this vulnerability can lead to an infinite loop condition when writing to an XFS filesystem on 32-bit kernels. This can result in a denial of service through resource consumption, particularly affecting CPU utilization and system responsiveness (NVD).

The vulnerability has been fixed in the Linux kernel through a patch that properly handles 64-bit offsets by modifying the calculation to explicitly cast the block size to a 64-bit value using (u64)bsz. Multiple stable kernel versions have received the fix, including updates to versions 5.15.177, 6.1.127, 6.6.74, and 6.12.11 (Debian).