CVE-2025-21724

27.02.2025, 02:15

In the Linux kernel, the following vulnerability has been resolved:

iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()

Resolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()
where shifting the constant "1" (of type int) by bitmap->mapped.pgshift
(an unsigned long value) could result in undefined behavior.

The constant "1" defaults to a 32-bit "int", and when "pgshift" exceeds
31 (e.g., pgshift = 63) the shift operation overflows, as the result
cannot be represented in a 32-bit type.

To resolve this, the constant is updated to "1UL", promoting it to an
unsigned long type to match the operand's type.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.237-1 fixed
bookworm	6.1.137-1 fixed
bookworm (security)	6.1.140-1 fixed
trixie	6.12.27-1 fixed
sid	6.12.30-1 fixed

linux-6.1

bullseye (security)

6.1.137-1~deb11u1

fixed

References

https://git.kernel.org/stable/c/38ac76fc06bc6826a3e4b12a98efbe98432380a9

https://git.kernel.org/stable/c/44d9c94b7a3f29a3e07c4753603a35e9b28842a3

https://git.kernel.org/stable/c/b1f8453b8ff1ab79a03820ef608256c499769cb6

https://git.kernel.org/stable/c/d5d33f01b86af44b23eea61ee309e4ef22c0cdfe

https://git.kernel.org/stable/c/e24c1551059268b37f6f40639883eafb281b8b9c