#VU103753 Incorrect calculation in Linux kernel - CVE-2025-21687
Vulnerability identifier: #VU103753
Vulnerability risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-682
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the vfio_platform_read_mmio() and vfio_platform_write_mmio() functions in drivers/vfio/platform/vfio_platform_common.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/665cfd1083866f87301bbd232cb8ba48dcf4acce
https://git.kernel.org/stable/c/6bcb8a5b70b80143db9bf12dfa7d53636f824d53
https://git.kernel.org/stable/c/92340e6c5122d823ad064984ef7513eba9204048
https://git.kernel.org/stable/c/a20fcaa230f7472456d12cf761ed13938e320ac3
https://git.kernel.org/stable/c/c981c32c38af80737a2fedc16e270546d139ccdd
https://git.kernel.org/stable/c/ce9ff21ea89d191e477a02ad7eabf4f996b80a69
https://git.kernel.org/stable/c/d19a8650fd3d7aed8d1af1d9a77f979a8430eba1
https://git.kernel.org/stable/c/f21636f24b6786c8b13f1af4319fa75ffcf17f38
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
