CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls
First published: Mon Feb 10 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: vfio/platform: check the bounds of read/write syscalls count and offset are passed from user space and not checked, only offset is capped to 40 bits, which can be used to read/write out of bounds of the device.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Linux Kernel | >=4.1<5.4.290 | |
| Linux Kernel | >=5.5<5.10.234 | |
| Linux Kernel | >=5.11<5.15.178 | |
| Linux Kernel | >=5.16<6.1.128 | |
| Linux Kernel | >=6.2<6.6.75 | |
| Linux Kernel | >=6.7<6.12.12 | |
| Linux Kernel | =6.13 | |
| Linux Kernel | =6.13-rc1 | |
| Linux Kernel | =6.13-rc2 | |
| Linux Kernel | =6.13-rc3 | |
| Linux Kernel | =6.13-rc4 | |
| Linux Kernel | =6.13-rc5 | |
| Linux Kernel | =6.13-rc6 | |
| Linux Kernel | =6.13-rc7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/1485932496a1b025235af8aa1e21988d6b7ccd54
- https://git.kernel.org/stable/c/665cfd1083866f87301bbd232cb8ba48dcf4acce
- https://git.kernel.org/stable/c/6bcb8a5b70b80143db9bf12dfa7d53636f824d53
- https://git.kernel.org/stable/c/92340e6c5122d823ad064984ef7513eba9204048
- https://git.kernel.org/stable/c/a20fcaa230f7472456d12cf761ed13938e320ac3
- https://git.kernel.org/stable/c/c981c32c38af80737a2fedc16e270546d139ccdd
- https://git.kernel.org/stable/c/ce9ff21ea89d191e477a02ad7eabf4f996b80a69
- https://git.kernel.org/stable/c/d19a8650fd3d7aed8d1af1d9a77f979a8430eba1
- https://git.kernel.org/stable/c/f21636f24b6786c8b13f1af4319fa75ffcf17f38
Frequently Asked Questions
What is the severity of CVE-2025-21687?
CVE-2025-21687 has a moderate severity due to risks associated with bounds checking in read/write syscalls.
How do I fix CVE-2025-21687?
To fix CVE-2025-21687, update to the latest version of the Linux kernel that includes the patch for this vulnerability.
What are the consequences of exploiting CVE-2025-21687?
Exploiting CVE-2025-21687 may allow an attacker to read or write outside the bounds of the device, potentially leading to data corruption or unauthorized access.
Which versions of the Linux kernel are affected by CVE-2025-21687?
CVE-2025-21687 affects specific versions of the Linux kernel where bounds checking on user-space inputs was not properly implemented.
Is CVE-2025-21687 related to any specific device drivers?
CVE-2025-21687 is related to vfio/platform device drivers that handle read/write syscalls without adequate input validation.
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/author
- agent/source
- collector/nvd-api
- source/NVD
- agent/event
- agent/last-modified-date
- agent/references
- agent/severity
- agent/weakness
- agent/remedy
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.1
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.13
- version/linux kernel/6.13-rc1
- version/linux kernel/6.13-rc2
- version/linux kernel/6.13-rc3
- version/linux kernel/6.13-rc4
- version/linux kernel/6.13-rc5
- version/linux kernel/6.13-rc6
- version/linux kernel/6.13-rc7