Linux Kernel Page Cache Statistics Vulnerability in Cachestat System Call
CVE-2025-21691
Summary
A vulnerability in the Linux kernel's cachestat system call allows unauthorized access to page cache statistics. Although cachestat was designed for improved performance, it did not check that the caller can write to or owns the file it queries, leaving it susceptible to exploitation. The same oversight was previously resolved in the mincore system call, and cachestat must enforce the equivalent checks on the file context.
Affected Version(s)
Linux cf264e1329fb0307e044f7675849f9f38b44c11a < 7d6405c13b0d8a8367cd8df63f118b619a3f0dd2
Linux cf264e1329fb0307e044f7675849f9f38b44c11a < 780ab8329672464984cf1344bd5c3993af0226c7
Linux cf264e1329fb0307e044f7675849f9f38b44c11a < 97153a05077f618f7471f50a78158602badccb30