Memory Corruption in Linux Kernel dm-flakey Feature by Vendor Linux
CVE-2025-21966

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 April 2025

Summary

This vulnerability in the Linux kernel's dm-flakey feature arises from improper handling of parameters passed to the bio_init function. Specifically, it results in memory corruption, which can potentially lead to unpredictable behavior or crashes in systems utilizing this feature. The flaw underscores the need for rigorous parameter validation to ensure the integrity and stability of the kernel. Various releases of the kernel are affected, making it essential for users to apply updates and patches to safeguard their systems.

Affected Version(s)

Linux 1d9a943898533e83f20370c0e1448d606627522e < 818330f756f3800c37d738bd36bce60eac949938

Linux 1d9a943898533e83f20370c0e1448d606627522e < 5a87e46da2418c57b445371f5ca0958d5779ba5f

Linux 1d9a943898533e83f20370c0e1448d606627522e

References

https://git.kernel.org/stable/c/818330f756f3800c37d738bd3...

https://git.kernel.org/stable/c/5a87e46da2418c57b445371f5...

https://git.kernel.org/stable/c/da070843e153471be4297a12f...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 1, 2025
Vulnerability Reserved
Dec 29, 2024