Out-of-Bounds Access in Linux Kernel Affecting LoongArch and ARM64 Architectures
CVE-2025-21789

Currently unrated

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 27 February 2025

Summary

The IP checksum code in the Linux kernel contains an out-of-bounds (OoB) access. The root cause is a change made in commit 69e3a6aa6be2, which introduces the possibility of an undefined shift that leads to the out-of-bounds access. The issue is relevant to both the LoongArch and ARM64 architectures, and subsequent commits provide a fix for the TCP/IP checksum operations.

Affected Version(s)

Linux 69e3a6aa6be21de6aaf38130fad97ecde34a193c < 964a8895704a22efc06a2a3276b624a5ae985a06

Linux 69e3a6aa6be21de6aaf38130fad97ecde34a193c < 9f15a8df542c0f08732a67d1a14ee7c22948fb97

Linux 69e3a6aa6be21de6aaf38130fad97ecde34a193c

Timeline

  • Vulnerability published

  • Vulnerability Reserved
