CVE-2025-21724

HIGH EPSS 7.3%
Published Feb 27, 20251y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Feb 27, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() Resolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index() where shifting the constant "1" (of type int) by bitmap->mapped.pgshift (an unsigned long value) could result in undefined behavior. The constant "1" defaults to a 32-bit "int", and when "pgshift" exceeds 31 (e.g., pgshift = 63) the shift operation overflows, as the result cannot be represented in a 32-bit type. To resolve this, the constant is updated to "1UL", promoting it to an unsigned long type to match the operand's type.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
7.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 4

VendorProductVersionRange
linuxlinux_kernel*≥6.1  –  <6.1.129
linuxlinux_kernel*≥6.2  –  <6.6.76
linuxlinux_kernel*≥6.7  –  <6.12.13
linuxlinux_kernel*≥6.13  –  <6.13.2

References 7

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-082556.html
  • git.kernel.org https://git.kernel.org/stable/c/38ac76fc06bc6826a3e4b12a98efbe98432380a9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/44d9c94b7a3f29a3e07c4753603a35e9b28842a3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b1f8453b8ff1ab79a03820ef608256c499769cb6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d5d33f01b86af44b23eea61ee309e4ef22c0cdfe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e24c1551059268b37f6f40639883eafb281b8b9c
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/38ac76fc06bc6826a3e4b12a98efbe98432380a9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/44d9c94b7a3f29a3e07c4753603a35e9b28842a3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b1f8453b8ff1ab79a03820ef608256c499769cb6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d5d33f01b86af44b23eea61ee309e4ef22c0cdfe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e24c1551059268b37f6f40639883eafb281b8b9c
    Patch