Main Vulnerability Database SB2025031272

SB2025031272 - Integer underflow in Linux kernel mm

Published: March 12, 2025 Updated: May 11, 2025

Security Bulletin ID SB2025031272

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Integer underflow (CVE-ID: CVE-2025-21860)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the zswap_store_page() and zswap_store() functions in mm/zswap.c. A local user can execute arbitrary code.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/63895d20d63b446f5049a963983489319c2ea3e2
https://git.kernel.org/stable/c/a3652f5552b20903315612da487a7be2b95394d5
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.5