Out-of-Bounds Write Vulnerability in Linux Kernel Affects Cache Information Management
CVE-2025-21785

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 27 February 2025

Summary

The vulnerability in the Linux kernel pertains to an out-of-bounds write related to the cacheinfo array. Although there was an existing bounds check for the array size during cache level detection and population, it failed to consider cache levels that utilize separate data and instruction caches. This oversight could potentially lead to improper memory access and corruption. The vulnerability has been addressed by enhancing the population index increment specifically for leaf nodes, rather than any populated level, thus preventing the potential for out-of-bounds writes.

Affected Version(s)

Linux 5d425c18653731af62831d30a4fa023d532657a9 < 4ff25f0b18d1d0174c105e4620428bcdc1213860

Linux 5d425c18653731af62831d30a4fa023d532657a9

Linux 5d425c18653731af62831d30a4fa023d532657a9 < 715eb1af64779e1b1aa0a7b2ffb81414d9f708e5

References

https://git.kernel.org/stable/c/4ff25f0b18d1d0174c105e462...

https://git.kernel.org/stable/c/ab90894f33c15b14c1cee6959...

https://git.kernel.org/stable/c/715eb1af64779e1b1aa0a7b2f...

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Dec 29, 2024