CVE-2025-21782

HIGH EPSS 14.5%
Published Feb 27, 2025 (1y ago) · Modified Jun 17, 2026 (1w ago)
7.1 CVSS 3.1
High

Description

In the Linux kernel, the following vulnerability has been resolved:

orangefs: fix a oob in orangefs_debug_write

I got a syzbot report: slab-out-of-bounds Read in orangefs_debug_write... several people suggested fixes, I tested Al Viro's suggestion and made this patch.

CVSS Details

Base Score: 7.1
Exploitability: 1.8
Impact: 5.2
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 14.5% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-125: Out-of-bounds Read (Memory Safety)

Affected Products 4

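| Vendor | Product      | Version | Range             |
|--------|--------------|---------|-------------------|
| linux  | linux_kernel | *       | <6.1.129          |
| linux  | linux_kernel | *       | ≥6.2 – <6.6.79    |
| linux  | linux_kernel | *       | ≥6.7 – <6.12.16   |
| linux  | linux_kernel | *       | ≥6.13 – <6.13.4   |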

References 10

  • git.kernel.org https://git.kernel.org/stable/c/09d472a18c0ee1d5b83612cb919e33a1610fea16
  • git.kernel.org https://git.kernel.org/stable/c/18b7f841109f697840fe8633cf7ed7d32bd3f91b
  • git.kernel.org https://git.kernel.org/stable/c/1c5244299241cf49d8ae7b5054e299cc8faa4e09
    Mailing List, Patch
  • git.kernel.org https://git.kernel.org/stable/c/1da2697307dad281dd690a19441b5ca4af92d786
    Mailing List, Patch
  • git.kernel.org https://git.kernel.org/stable/c/2b84a231910cef2e0a16d29294afabfb69112087
    Mailing List, Patch
  • git.kernel.org https://git.kernel.org/stable/c/8725882b0f691f8113b230aea9df0256030a63a6
  • git.kernel.org https://git.kernel.org/stable/c/897f496b946fdcfab5983c983e4b513ab6682364
    Mailing List, Patch
  • git.kernel.org https://git.kernel.org/stable/c/f7c848431632598ff9bce57a659db6af60d75b39
    Mailing List, Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1c5244299241cf49d8ae7b5054e299cc8faa4e09
    Mailing List, Patch
  • git.kernel.org https://git.kernel.org/stable/c/1da2697307dad281dd690a19441b5ca4af92d786
    Mailing List, Patch
  • git.kernel.org https://git.kernel.org/stable/c/2b84a231910cef2e0a16d29294afabfb69112087
    Mailing List, Patch
  • git.kernel.org https://git.kernel.org/stable/c/897f496b946fdcfab5983c983e4b513ab6682364
    Mailing List, Patch
  • git.kernel.org https://git.kernel.org/stable/c/f7c848431632598ff9bce57a659db6af60d75b39
    Mailing List, Patch