Linux Kernel Vulnerability with VFIO Platform Read/Write Syscall Checks
CVE-2025-21687
Summary
A vulnerability exists in the Linux kernel's VFIO platform due to inadequate validation of parameters passed from user space through read/write syscalls. Specifically, while the offset is limited to 40 bits, the count parameter lacks proper bounds checking, enabling an attacker to read from or write to memory locations outside the intended device bounds. This oversight could lead to data corruption or unauthorized access to sensitive data, making it critical for system administrators to apply the necessary updates to safeguard their systems.
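The pattern described in the summary, shown as an added user-space C model (not kernel code and not the upstream fix): a masked offset with an unchecked count reads past the region, while rejecting out-of-range offsets and clamping count keeps the access inside it. The names struct region, read_unchecked, read_checked and the arena layout are assumptions made for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: a 16-byte "device region" at the start of a 64-byte
 * arena. The rest of the arena stands in for memory that is not the device. */
#define REGION_SIZE 16
#define ARENA_SIZE  64
#define OFFSET_MASK ((1ULL << 40) - 1)   /* offset limited to 40 bits */
struct region { uint8_t *base; size_t size; };   /* hypothetical type */
static uint8_t arena[ARENA_SIZE];
static struct region make_region(void)
{
    memset(arena, 0xAA, REGION_SIZE);                            /* device data */
    memset(arena + REGION_SIZE, 0x5E, ARENA_SIZE - REGION_SIZE); /* other data */
    return (struct region){ .base = arena, .size = REGION_SIZE };
}

/* Flawed pattern: the offset is masked but count is trusted as given.
 * In this model keep off + count <= ARENA_SIZE so the copy stays in arena. */
static long read_unchecked(const struct region *r, uint8_t *dst,
                           size_t count, uint64_t off)
{
    off &= OFFSET_MASK;
    memcpy(dst, r->base + off, count);
    return (long)count;
}

/* Hardened pattern: reject offsets past the region, clamp count to its end. */
static long read_checked(const struct region *r, uint8_t *dst,
                         size_t count, uint64_t off)
{
    off &= OFFSET_MASK;
    if (off >= r->size)
        return -EINVAL;
    if (count > r->size - off)
        count = r->size - off;
    memcpy(dst, r->base + off, count);
    return (long)count;
}

int main(void)
{
    struct region r = make_region();
    uint8_t buf[32] = {0};
    printf("%ld %ld\n", read_unchecked(&r, buf, 16, 8), read_checked(&r, buf, 16, 8));
    return 0;
}
```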
Affected Version(s)
Linux 6e3f264560099869f68830cb14b3b3e71e5ac76a
Linux 6e3f264560099869f68830cb14b3b3e71e5ac76a < 92340e6c5122d823ad064984ef7513eba9204048
Timeline
Vulnerability published
Vulnerability Reserved