Memory Access Issues in the Linux Kernel Affecting Resource Management
CVE-2025-21804

Currently unrated

Key Information:

Vendor
Linux
Status
Linux
Vendor
CVE Published:
27 February 2025

Summary

A vulnerability in the Linux kernel's PCI subsystem could result from the misuse of a string variable in the rcar_pcie_parse_outbound_ranges() function. This failure to correctly pass a dynamically computed resource name to the devm_request_mem_region() macro can lead to various undefined behaviors, including unpredictable errors when accessing the /proc/iomem output. In rare circumstances, a lack of a NULL-terminator in the string may cause system crashes by accessing unmapped memory above the stack. This is critical for system stability and requires prompt mitigation through the latest patches.

Affected Version(s)

Linux 2a6d0d63d99956a66f6605832f11755d74a41951 < 24576899c49509c0d533bcf569139f691d8f7af7

Linux 2a6d0d63d99956a66f6605832f11755d74a41951 < 2c54b9fca1755e80a343ccfde0652dc5ea4744b2

Linux 2a6d0d63d99956a66f6605832f11755d74a41951 < 9ff46b0bfeb6e0724a4ace015aa7a0b887cdb7c1

References

https://git.kernel.org/stable/c/24576899c49509c0d533bcf56...
https://git.kernel.org/stable/c/2c54b9fca1755e80a343ccfde...
https://git.kernel.org/stable/c/9ff46b0bfeb6e0724a4ace015...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.