CVE-2025-21680

31.01.2025, 12:15

In the Linux kernel, the following vulnerability has been resolved:

pktgen: Avoid out-of-bounds access in get_imix_entries

Passing a sufficient amount of imix entries leads to invalid access to the
pkt_dev->imix_entries array because of the incorrect boundary check.

UBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24
index 20 is out of range for type 'imix_pkt [20]'
CPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
Call Trace:
<TASK>
dump_stack_lvl lib/dump_stack.c:117
__ubsan_handle_out_of_bounds lib/ubsan.c:429
get_imix_entries net/core/pktgen.c:874
pktgen_if_write net/core/pktgen.c:1063
pde_write fs/proc/inode.c:334
proc_reg_write fs/proc/inode.c:346
vfs_write fs/read_write.c:593
ksys_write fs/read_write.c:644
do_syscall_64 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130

Found by Linux Verification Center (linuxtesting.org) with SVACE.

[ fp: allow to fill the array completely; minor changelog cleanup ]

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Linux	CNA	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 2%

Vendor	Product	Version
linux	linux_kernel	5.15 ≤ 𝑥 < 5.15.177
linux	linux_kernel	5.16 ≤ 𝑥 < 6.1.127
linux	linux_kernel	6.2 ≤ 𝑥 < 6.6.74
linux	linux_kernel	6.7 ≤ 𝑥 < 6.12.11
linux	linux_kernel	6.13:rc1
linux	linux_kernel	6.13:rc2
linux	linux_kernel	6.13:rc3
linux	linux_kernel	6.13:rc4
linux	linux_kernel	6.13:rc5
linux	linux_kernel	6.13:rc6
linux	linux_kernel	6.13:rc7

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.234-1 fixed
bookworm	6.1.129-1 fixed
bookworm (security)	6.1.128-1 fixed
trixie	6.12.20-1 fixed
sid	6.12.21-1 fixed

linux-6.1

bullseye (security)

6.1.129-1~deb11u1

fixed

Common Weakness Enumeration

CWE-129 - Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Ein Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Zustand oder andere, nicht näher beschriebene Auswirkungen zu verursachen.
Published: 2025-01-30T23:00:00+00:00

References

https://git.kernel.org/stable/c/1a9b65c672ca9dc4ba52ca2fd54329db9580ce29

https://git.kernel.org/stable/c/3450092cc2d1c311c5ea92a2486daa2a33520ea5

https://git.kernel.org/stable/c/76201b5979768500bca362871db66d77cb4c225e

https://git.kernel.org/stable/c/7cde21f52042aa2e29a654458166b873d2ae66b3

https://git.kernel.org/stable/c/e5d24a7074dcd0c7e76b7e7e4efbbe7418d62486