CVE-2025-21873

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: bsg: Fix crash when arpmb command fails If the device doesn't support arpmb we'll crash due to copying user data in bsg_transport_sg_io_fn(). In the case where ufs_bsg_exec_advanced_rpmb_req() returns an error, do not set the job's reply_len. Memory crash backtrace: 3,1290,531166405,-;ufshcd 0000:00:12.5: ARPMB OP failed: error code -22 4,1308,531166555,-;Call Trace: 4,1309,531166559,-; <TASK> 4,1310,531166565,-; ? show_regs+0x6d/0x80 4,1311,531166575,-; ? die+0x37/0xa0 4,1312,531166583,-; ? do_trap+0xd4/0xf0 4,1313,531166593,-; ? do_error_trap+0x71/0xb0 4,1314,531166601,-; ? usercopy_abort+0x6c/0x80 4,1315,531166610,-; ? exc_invalid_op+0x52/0x80 4,1316,531166622,-; ? usercopy_abort+0x6c/0x80 4,1317,531166630,-; ? asm_exc_invalid_op+0x1b/0x20 4,1318,531166643,-; ? usercopy_abort+0x6c/0x80 4,1319,531166652,-; __check_heap_object+0xe3/0x120 4,1320,531166661,-; check_heap_object+0x185/0x1d0 4,1321,531166670,-; __check_object_size.part.0+0x72/0x150 4,1322,531166679,-; __check_object_size+0x23/0x30 4,1323,531166688,-; bsg_transport_sg_io_fn+0x314/0x3b0

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/32fb5ec825f6f76bc28902181c65429a904a07fe	Patch
https://git.kernel.org/stable/c/59455f968c1004ed897ba873237657745d81ce0f	Patch
https://git.kernel.org/stable/c/7e3c96ff5c5f3206984ed077b2aa8c9b7c4e0327	Patch
https://git.kernel.org/stable/c/f27a95845b01e86d67c8b014b4f41bd3327daa63	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc4::::::

History

30 Oct 2025, 16:19

Type	Values Removed	Values Added
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:o:linux:linux_kernel:6.14:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc4:::::: cpe:2.3:o:linux:linux_kernel::::::::
References	~~() https://git.kernel.org/stable/c/32fb5ec825f6f76bc28902181c65429a904a07fe -~~	() https://git.kernel.org/stable/c/32fb5ec825f6f76bc28902181c65429a904a07fe - Patch
References	~~() https://git.kernel.org/stable/c/59455f968c1004ed897ba873237657745d81ce0f -~~	() https://git.kernel.org/stable/c/59455f968c1004ed897ba873237657745d81ce0f - Patch
References	~~() https://git.kernel.org/stable/c/7e3c96ff5c5f3206984ed077b2aa8c9b7c4e0327 -~~	() https://git.kernel.org/stable/c/7e3c96ff5c5f3206984ed077b2aa8c9b7c4e0327 - Patch
References	~~() https://git.kernel.org/stable/c/f27a95845b01e86d67c8b014b4f41bd3327daa63 -~~	() https://git.kernel.org/stable/c/f27a95845b01e86d67c8b014b4f41bd3327daa63 - Patch
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: ufs: core: bsg: Se corrige el fallo cuando falla el comando arpmb. Si el dispositivo no es compatible con arpmb, se producirá un fallo debido a la copia de datos de usuario en bsg_transport_sg_io_fn(). Si ufs_bsg_exec_advanced_rpmb_req() devuelve un error, no se debe establecer el valor de respuesta de la tarea. Seguimiento de fallos de memoria: 3,1290,531166405,-;ufshcd 0000:00:12.5: Error en la operación ARPMB: código de error -22 4,1308,531166555,-; Seguimiento de llamadas: 4,1309,531166559,-; 4,1310,531166565,-; ? show_regs+0x6d/0x80 4,1311,531166575,-; ? die+0x37/0xa0 4,1312,531166583,-; ? do_trap+0xd4/0xf0 4,1313,531166593,-; ? do_error_trap+0x71/0xb0 4,1314,531166601,-; ? usercopy_abort+0x6c/0x80 4,1315,531166610,-; ? exc_invalid_op+0x52/0x80 4,1316,531166622,-; ? usercopy_abort+0x6c/0x80 4,1317,531166630,-; ? asm_exc_invalid_op+0x1b/0x20 4,1318,531166643,-; ? usercopy_abort+0x6c/0x80 4,1319,531166652,-; __check_heap_object+0xe3/0x120 4,1320,531166661,-; check_heap_object+0x185/0x1d0 4,1321,531166670,-; __check_object_size.part.0+0x72/0x150 4,1322,531166679,-; __check_object_size+0x23/0x30 4,1323,531166688,-; bsg_transport_sg_io_fn+0x314/0x3b0

27 Mar 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-27 15:15

Updated : 2025-10-30 16:19

NVD link : CVE-2025-21873

Mitre link : CVE-2025-21873

CVE.ORG link : CVE-2025-21873

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10