CVE-2025-21997
xsk: fix an integer overflow in xp_create_and_assign_umem()
Vexday Risk Score
13 · Low
SSVC Decision (CISA)
Track
No sign of exploitation → monitor
CVSS 5.5 · EPSS 0.2% · KEV no · PoC — · Nuclei — · Metasploit — · Patch —
Lifecycle
03 Apr 2025 · Published in NVD
Recommendation: Monitor. No sign of exploitation at the moment.
In the Linux kernel, the following vulnerability has been resolved:
xsk: fix an integer overflow in xp_create_and_assign_umem()
Since the i and pool->chunk_size variables are of type 'u32',
their product can wrap around and then be cast to 'u64'.
This can lead to two different XDP buffers pointing to the same
memory area.
Found by InfoTeCS on behalf of Linux Verification Center
(linuxtesting.org) with SVACE.
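The wraparound described above, modelled in user-space C as an added example (not the kernel's code and not the upstream patch). The function names and the 4096-byte chunk size are assumptions, and the widening cast shows the standard remedy for this bug class rather than the patch text, which this page does not reproduce.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustrative model only: function names are hypothetical, not kernel code. */

/* Pattern described in the advisory: both operands are u32, so the
 * multiply wraps modulo 2^32 before the result is widened to u64. */
static uint64_t offset_wrapping(uint32_t i, uint32_t chunk_size)
{
    return (uint64_t)(i * chunk_size);
}

/* Assumed remedy: widen one operand first so the multiply is 64-bit. */
static uint64_t offset_widened(uint32_t i, uint32_t chunk_size)
{
    return (uint64_t)i * chunk_size;
}

/* Smallest buffer index whose 32-bit offset wraps: ceil(2^32 / chunk_size). */
static uint64_t first_wrapping_index(uint32_t chunk_size)
{
    if (chunk_size == 0)
        return 0; /* no meaningful layout */
    return ((1ULL << 32) + chunk_size - 1) / chunk_size;
}

/* Count buffers in [0, entries) whose wrapped offset lands on memory
 * that already belongs to an earlier buffer. */
static uint32_t count_aliased(uint32_t entries, uint32_t chunk_size)
{
    uint32_t aliased = 0;
    for (uint32_t i = 0; i < entries; i++)
        if (offset_wrapping(i, chunk_size) != offset_widened(i, chunk_size))
            aliased++;
    return aliased;
}

int main(void)
{
    uint32_t chunk = 4096; /* constructed sample value */
    uint32_t i = (uint32_t)first_wrapping_index(chunk);
    printf("chunk=%u first wrapping index=%u\n", chunk, i);
    printf("wrapped offset=%llu widened offset=%llu\n",
           (unsigned long long)offset_wrapping(i, chunk),
           (unsigned long long)offset_widened(i, chunk));
    printf("aliased buffers among %u entries: %u\n", i + 4, count_aliased(i + 4, chunk));
    return 0;
}
```

With a 4096-byte chunk, buffer index 1048576 gets the same offset as buffer 0 under the 32-bit multiply, which is the "two different XDP buffers pointing to the same memory area" condition.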
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products
Linux · Linux
References
https://git.kernel.org/stable/c/130290f44bce0eead2b827302109afc3fe189ddd
https://git.kernel.org/stable/c/205649d642a5b376724f04f3a5b3586815e43d3b
https://git.kernel.org/stable/c/559847f56769037e5b2e0474d3dbff985b98083d
https://git.kernel.org/stable/c/b7b4be1fa43294b50b22e812715198629806678a
https://git.kernel.org/stable/c/c7670c197b0f1a8726ad5c87bc2bf001a1fc1bbd
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html