Out-of-Bounds Read Vulnerability in Google ChromeOS Kernel
CVE-2025-2073

8.8HIGH

Key Information:

Vendor: Google
Status: Chromeos
Vendor: CVE Published:; 16 April 2025

Summary

A vulnerability exists in the Google ChromeOS Kernel that enables an out-of-bounds read condition within the ip_set_bitmap_ip.c file. This flaw affects multiple kernel versions and can be exploited by an attacker with CAP_NET_ADMIN privileges, allowing for memory corruption through specially crafted ipset commands. Successful exploitation could result in privilege escalation, posing significant security risks across affected devices utilizing Termina.

Affected Version(s)

ChromeOS Kernal version 6.1

References

https://issuetracker.google.com/issues/380043638

https://issues.chromium.org/issues/b/380043638

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 16, 2025
Vulnerability Reserved
Mar 6, 2025