#VU105159 Buffer overflow in Linux kernel - CVE-2025-21804

Cybersecurity Help s.r.o.

Published: 2025-02-28

Vulnerability identifier: #VU105159

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21804

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the rcar_pcie_parse_outbound_ranges() function in drivers/pci/controller/pcie-rcar-ep.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/24576899c49509c0d533bcf569139f691d8f7af7
https://git.kernel.org/stable/c/2c54b9fca1755e80a343ccfde0652dc5ea4744b2
https://git.kernel.org/stable/c/2d2da5a4c1b4509f6f7e5a8db015cd420144beb4
https://git.kernel.org/stable/c/44708208c2a4b828a57a2abe7799c9d3962e7eaa
https://git.kernel.org/stable/c/9ff46b0bfeb6e0724a4ace015aa7a0b887cdb7c1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 22.03 LTS SP3 update for kernel

openEuler 22.03 LTS SP4 update for kernel

SUSE update for the Linux Kernel

openEuler 24.03 LTS update for kernel

openEuler 24.03 LTS SP1 update for kernel

Buffer overflow in Linux kernel pci controller driver