Vulnerability identifier: #VU103743
Vulnerability risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Operating systems & Components / Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read within the ets_class_from_arg() function in net/sched/sch_ets.c, which a local user can trigger to cause a denial of service.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/03c56665dab1f4ac844bc156652d50d639093fa5
https://git.kernel.org/stable/c/1332c6ed446be787f901ed1064ec6a3c694f028a
https://git.kernel.org/stable/c/997f6ec4208b23c87daf9f044689685f091826f7
https://git.kernel.org/stable/c/bcf0d815e728a3a304b50455b32a3170c16e1eaa
https://git.kernel.org/stable/c/d62b04fca4340a0d468d7853bd66e511935a18cb
https://git.kernel.org/stable/c/f4168299e553f17aa2ba4016e77a9c38da40eb1d
https://git.kernel.org/stable/c/f6b0f05fbfa4044f890e8a348288c0d9a20bd1d0
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.