CVE-2025-21789
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: csum: Fix OoB access in IP checksum code for negative lengths
Commit 69e3a6aa6be2 ("LoongArch: Add checksum optimization for 64-bit system") would cause an undefined shift and an out-of-bounds read.
Commit 8bd795fedb84 ("arm64: csum: Fix OoB access in IP checksum code for negative lengths") fixes the same issue on ARM64.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 69e3a6aa6be21de6aaf38130fad97ecde34a193c < 964a8895704a22efc06a2a3276b624a5ae985a06 | affected |
| Linux | Linux | 69e3a6aa6be21de6aaf38130fad97ecde34a193c < 9f15a8df542c0f08732a67d1a14ee7c22948fb97 | affected |
| Linux | Linux | 69e3a6aa6be21de6aaf38130fad97ecde34a193c < d6508ffff32b44b6d0de06704034e4eef1c307a7 | affected |
| Linux | Linux | 69e3a6aa6be21de6aaf38130fad97ecde34a193c < 6287f1a8c16138c2ec750953e35039634018c84a | affected |
| Linux | Linux | 6.4 | affected |
| Linux | Linux | 0 < 6.4 | unaffected |
| Linux | Linux | 6.6.79 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.16 <= 6.12.* | unaffected |
| Linux | Linux | 6.13.4 <= 6.13.* | unaffected |
| Linux | Linux | 6.14 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/964a8895704a22efc06a2a3276b624a5ae985a06
- https://git.kernel.org/stable/c/9f15a8df542c0f08732a67d1a14ee7c22948fb97
- https://git.kernel.org/stable/c/d6508ffff32b44b6d0de06704034e4eef1c307a7
- https://git.kernel.org/stable/c/6287f1a8c16138c2ec750953e35039634018c84a
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.