#VU104975 Out-of-bounds read in Linux kernel - CVE-2025-21734

Cybersecurity Help s.r.o.

Published: 2025-02-27

Vulnerability identifier: #VU104975

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21734

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the fastrpc_get_args() function in drivers/misc/fastrpc.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/24a79c6bc8de763f7c50f4f84f8b0c183bc25a51
https://git.kernel.org/stable/c/c0464bad0e85fcd5d47e4297d1e410097c979e55
https://git.kernel.org/stable/c/c3f7161123fcbdc64e90119ccce292d8b66281c4
https://git.kernel.org/stable/c/c56ba3ea8e3c9a69a992aad18f7a65e43e51d623
https://git.kernel.org/stable/c/e966eae72762ecfdbdb82627e2cda48845b9dd66

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 24.03 LTS update for kernel

openEuler 24.03 LTS SP1 update for kernel

Out-of-bounds read in Linux kernel misc driver