|
Vulnerabilities
< Back

CVE-2025-21997

Updated on 03 Apr 2025

Severity

5.5 Medium severity

Details

CVSS score
5.5
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE ID
Links
NISTCIRCLRHELUbuntu

Overview

About vulnerability

In the Linux kernel, the following vulnerability has been resolved:

xsk: fix an integer overflow in xp_create_and_assign_umem()

Since the i and pool->chunk_size variables are of type ‘u32’, their product can wrap around and then be cast to ‘u64’. This can lead to two different XDP buffers pointing to the same memory area.

Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE.

Details

Affected product:
AlmaLinux 9.2 ESU , TuxCare 9.6 ESU
Affected packages:
kernel @ 5.14.0 (+1 more)

In the Linux kernel, the following vulnerability has been resolved:

xsk: fix an integer overflow in xp_create_and_assign_umem()

Since the i and pool->chunk_size variables are of type ‘u32’, their product can wrap around and then be cast to ‘u64’. This can lead to two different XDP buffers pointing to the same memory area.

Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE.

Fixes