CVE-2025-21997

In the Linux kernel, the following vulnerability has been resolved: xsk: fix an integer overflow in xp_create_and_assign_umem() Since the i and pool->chunk_size variables are of type 'u32', their product can wrap around and then be cast to 'u64'. This can lead to two different XDP buffers pointing to the same memory area. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/130290f44bce0eead2b827302109afc3fe189ddd	Patch
https://git.kernel.org/stable/c/205649d642a5b376724f04f3a5b3586815e43d3b	Patch
https://git.kernel.org/stable/c/559847f56769037e5b2e0474d3dbff985b98083d	Patch
https://git.kernel.org/stable/c/b7b4be1fa43294b50b22e812715198629806678a	Patch
https://git.kernel.org/stable/c/c7670c197b0f1a8726ad5c87bc2bf001a1fc1bbd	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.14:rc7::::::

History

10 Apr 2025, 16:16

Type	Values Removed	Values Added
First Time		Linux linux Kernel Linux
CWE		CWE-190
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel:6.14:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc7:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.14:rc4:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.14:rc3::::::
References	~~() https://git.kernel.org/stable/c/130290f44bce0eead2b827302109afc3fe189ddd -~~	() https://git.kernel.org/stable/c/130290f44bce0eead2b827302109afc3fe189ddd - Patch
References	~~() https://git.kernel.org/stable/c/205649d642a5b376724f04f3a5b3586815e43d3b -~~	() https://git.kernel.org/stable/c/205649d642a5b376724f04f3a5b3586815e43d3b - Patch
References	~~() https://git.kernel.org/stable/c/559847f56769037e5b2e0474d3dbff985b98083d -~~	() https://git.kernel.org/stable/c/559847f56769037e5b2e0474d3dbff985b98083d - Patch
References	~~() https://git.kernel.org/stable/c/b7b4be1fa43294b50b22e812715198629806678a -~~	() https://git.kernel.org/stable/c/b7b4be1fa43294b50b22e812715198629806678a - Patch
References	~~() https://git.kernel.org/stable/c/c7670c197b0f1a8726ad5c87bc2bf001a1fc1bbd -~~	() https://git.kernel.org/stable/c/c7670c197b0f1a8726ad5c87bc2bf001a1fc1bbd - Patch

07 Apr 2025, 14:18

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xsk: se corrige un desbordamiento de entero en xp_create_and_assign_umem(). Dado que las variables i y pool->chunk_size son de tipo 'u32', su producto puede encapsularse y luego convertirse a 'u64'. Esto puede provocar que dos búferes XDP diferentes apunten a la misma área de memoria. Encontrado por InfoTeCS en nombre del Centro de Verificación de Linux (linuxtesting.org) con SVACE.

03 Apr 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-03 08:15

Updated : 2025-04-10 16:16

NVD link : CVE-2025-21997

Mitre link : CVE-2025-21997

CVE.ORG link : CVE-2025-21997

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-190

Integer Overflow or Wraparound

5.5 /10