#VU103512 Out-of-bounds read in Linux kernel - CVE-2025-21668

Cybersecurity Help s.r.o.

Published: 2025-02-03

Vulnerability identifier: #VU103512

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21668

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the imx8mp_blk_ctrl_remove() function in drivers/pmdomain/imx/imx8mp-blk-ctrl.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/488a68c948bc52dc2a4554a56fdd99aa67c49b06
https://git.kernel.org/stable/c/699cc10cc3068f9097a506eae7fe178c860dca4e
https://git.kernel.org/stable/c/726efa92e02b460811e8bc6990dd742f03b645ea
https://git.kernel.org/stable/c/926ad31b76b8e229b412536e77cdf828a5cae9c6

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Dell SmartFabric Manager update for third-party components

Dell APEX Cloud Platform for Microsoft Azure update for third-party components

Dell APEX Cloud Platform for Red Hat OpenShift update for third-party components

Ubuntu update for linux-azure

Ubuntu update for linux

SUSE update for the Linux Kernel

openEuler 24.03 LTS SP1 update for kernel

openEuler 24.03 LTS update for kernel