Text Patching Vulnerability in Linux Kernel Affecting PowerPC Systems
CVE-2025-21866

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 March 2025

Summary

A vulnerability exists in the Linux kernel related to text patching in PowerPC systems. An improper flagging of a virtual memory area as VM_ALLOC without proper initialization led to out-of-bounds memory access. This issue was observed when a KASAN-enabled kernel attempted to access an uninitialized memory area during the boot process. The flaw stemmed from a mismanagement in the memory allocation strategy for the PowerPC text patching infrastructure, risking operational integrity and stability. Developers and system administrators using affected kernel versions should apply updates to address this vulnerability.

Affected Version(s)

Linux 37bc3e5fd764fb258ff4fcbb90b6d1b67fb466c1 < 97de5852058a299ba447cd9782fe96488d30108b

Linux 37bc3e5fd764fb258ff4fcbb90b6d1b67fb466c1

Linux 37bc3e5fd764fb258ff4fcbb90b6d1b67fb466c1 < 6847b3e40bb963e57b61d1cc6fe84cb37b9d3d4c

References

https://git.kernel.org/stable/c/97de5852058a299ba447cd978...

https://git.kernel.org/stable/c/f8d4c5b653c1bc0df56e15658...

https://git.kernel.org/stable/c/6847b3e40bb963e57b61d1cc6...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 12, 2025
Vulnerability Reserved
Dec 29, 2024