CVE-2025-39778

18.04.2025, 07:15

In the Linux kernel, the following vulnerability has been resolved:

objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show()

The csts_state_names[] array only has six sparse entries, but the
iteration code in nvmet_ctrl_state_show() iterates seven, resulting in a
potential out-of-bounds stack read. Fix that.

Fixes the following warning with an UBSAN kernel:

vmlinux.o: warning: objtool: .text.nvmet_ctrl_state_show: unexpected end of section

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.1 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Linux	CNA	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 2%

Vendor	Product	Version
linux	linux_kernel	6.11 ≤ 𝑥 < 6.12.23
linux	linux_kernel	6.13 ≤ 𝑥 < 6.13.11
linux	linux_kernel	6.14 ≤ 𝑥 < 6.14.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bookworm	6.1.137-1 not-affected
bullseye (security)	5.10.237-1 fixed
bookworm (security)	6.1.140-1 fixed
trixie	6.12.27-1 fixed
sid	6.12.30-1 fixed

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Zustand oder nicht näher spezifizierte Auswirkungen zu verursachen.
Published: 2025-04-21T22:00:00+00:00

References

https://git.kernel.org/stable/c/0cc0efc58d6c741b2868d4af24874d7fec28a575

https://git.kernel.org/stable/c/107a23185d990e3df6638d9a84c835f963fe30a6

https://git.kernel.org/stable/c/1adc93a525fdee8e2b311e6d5fd93eb69714ca05

https://git.kernel.org/stable/c/8fbf37a3577b4d64c150cafde338eee17b2f2ea4