CVE-2025-21873

MEDIUM EPSS 8.6%
Published Mar 27, 20251y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Mar 27, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: bsg: Fix crash when arpmb command fails If the device doesn't support arpmb we'll crash due to copying user data in bsg_transport_sg_io_fn(). In the case where ufs_bsg_exec_advanced_rpmb_req() returns an error, do not set the job's reply_len. Memory crash backtrace: 3,1290,531166405,-;ufshcd 0000:00:12.5: ARPMB OP failed: error code -22 4,1308,531166555,-;Call Trace: 4,1309,531166559,-; <TASK> 4,1310,531166565,-; ? show_regs+0x6d/0x80 4,1311,531166575,-; ? die+0x37/0xa0 4,1312,531166583,-; ? do_trap+0xd4/0xf0 4,1313,531166593,-; ? do_error_trap+0x71/0xb0 4,1314,531166601,-; ? usercopy_abort+0x6c/0x80 4,1315,531166610,-; ? exc_invalid_op+0x52/0x80 4,1316,531166622,-; ? usercopy_abort+0x6c/0x80 4,1317,531166630,-; ? asm_exc_invalid_op+0x1b/0x20 4,1318,531166643,-; ? usercopy_abort+0x6c/0x80 4,1319,531166652,-; __check_heap_object+0xe3/0x120 4,1320,531166661,-; check_heap_object+0x185/0x1d0 4,1321,531166670,-; __check_object_size.part.0+0x72/0x150 4,1322,531166679,-; __check_object_size+0x23/0x30 4,1323,531166688,-; bsg_transport_sg_io_fn+0x314/0x3b0

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
8.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥6.3  –  <6.6.81
linuxlinux_kernel*≥6.7  –  <6.12.18
linuxlinux_kernel*≥6.13  –  <6.13.6
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any

References 4

  • git.kernel.org https://git.kernel.org/stable/c/32fb5ec825f6f76bc28902181c65429a904a07fe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/59455f968c1004ed897ba873237657745d81ce0f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7e3c96ff5c5f3206984ed077b2aa8c9b7c4e0327
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f27a95845b01e86d67c8b014b4f41bd3327daa63
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/32fb5ec825f6f76bc28902181c65429a904a07fe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/59455f968c1004ed897ba873237657745d81ce0f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7e3c96ff5c5f3206984ed077b2aa8c9b7c4e0327
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f27a95845b01e86d67c8b014b4f41bd3327daa63
    Patch