CVE-2025-21887: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2025-21887) was discovered in the Linux kernel's overlayfs functionality, specifically in the ovldentryupdate_reval function. The vulnerability was disclosed on March 27, 2025, affecting multiple versions of the Linux kernel including versions from 5.10.188 up to 6.14-rc4 (NVD).

The vulnerability occurs when dput(upper) is called before ovldentryupdatereval(), while upper->dflags is still being accessed in ovldentryremote(). This timing issue leads to a use-after-free condition in the overlayfs filesystem code. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements but high impact potential (NVD).

The vulnerability could allow an attacker with local access to potentially achieve high levels of confidentiality, integrity, and availability impacts on the affected system. This is particularly concerning for systems utilizing overlayfs, a widely used filesystem in container environments (NVD).

The vulnerability has been fixed by moving the dput(upper) call after its last use to prevent the use-after-free condition. Multiple patches have been released for various kernel versions, and affected distributions are releasing updates (NVD).