Out-of-Bounds Read Vulnerability in OrangeFS in the Linux Kernel
CVE-2025-21782

7.1 HIGH

Key Information:

Vendor

Linux

Status
Vendor
CVE Published: 27 February 2025

What is CVE-2025-21782?

A vulnerability in OrangeFS in the Linux kernel leads to a slab-out-of-bounds read in the orangefs_debug_write function. The flaw can occur when input data exceeds the allocated buffer size, potentially allowing an attacker to access sensitive information or cause a denial of service. Multiple patches have been suggested and tested to address this issue, ensuring improved stability and security of the affected systems. Users are advised to apply the latest updates to safeguard against this vulnerability.
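The bug class described above, as an added user-space model (not the kernel's code and not taken from the fix commits): a write handler copies caller-supplied bytes into a fixed-size zeroed buffer that is later read as a C string. The names, the 16-byte size, and the assumption that the out-of-bounds read comes from a completely filled, unterminated buffer are all hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEBUG_BUF_LEN 16 /* hypothetical size, not the kernel's limit */

/* Weak clamp: an oversized write may fill every byte of the buffer. */
static size_t clamp_weak(size_t count)
{
    return count > DEBUG_BUF_LEN ? DEBUG_BUF_LEN : count;
}

/* Hardened clamp: the last byte is always left for the terminator. */
static size_t clamp_safe(size_t count)
{
    return count > DEBUG_BUF_LEN - 1 ? DEBUG_BUF_LEN - 1 : count;
}

/*
 * Model of a debug-file write handler: copy the caller's bytes into a
 * zeroed fixed-size heap buffer that later code treats as a C string.
 * Returns the string length, -1 if no terminator lies inside the
 * allocation (where strlen() would read out of bounds), -2 on OOM.
 */
static long debug_write(const char *in, size_t count,
                        size_t (*clamp)(size_t))
{
    char *buf = calloc(1, DEBUG_BUF_LEN);
    if (!buf)
        return -2;
    memcpy(buf, in, clamp(count));
    /* memchr is bounded, so the check itself stays in the buffer */
    const char *nul = memchr(buf, '\0', DEBUG_BUF_LEN);
    long len = nul ? (long)(nul - buf) : -1;
    free(buf);
    return len;
}

int main(void)
{
    char big[32]; /* constructed oversized input */
    memset(big, 'A', sizeof big);
    printf("weak clamp: %ld\n", debug_write(big, sizeof big, clamp_weak));
    printf("safe clamp: %ld\n", debug_write(big, sizeof big, clamp_safe));
    return 0;
}
```

Building a real handler of this shape with -fsanitize=address (or running a kernel with KASAN) reports the unterminated case as an out-of-bounds read at the first string operation on the buffer.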

Affected Version(s)

Linux f7ab093f74bf638ed98fd1115f3efa17e308bb7f < 18b7f841109f697840fe8633cf7ed7d32bd3f91b

Linux f7ab093f74bf638ed98fd1115f3efa17e308bb7f < 09d472a18c0ee1d5b83612cb919e33a1610fea16

Linux f7ab093f74bf638ed98fd1115f3efa17e308bb7f < 8725882b0f691f8113b230aea9df0256030a63a6

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
