Cyber Posture

CVE-2025-21680

High

Published: 31 January 2025

Modified: 03 November 2025
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (5.9th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Description

In the Linux kernel, the following vulnerability has been resolved:

pktgen: Avoid out-of-bounds access in get_imix_entries

Passing a sufficient amount of imix entries leads to invalid access to the pkt_dev->imix_entries array because of the incorrect boundary check.

    UBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24
    index 20 is out of range for type 'imix_pkt [20]'
    CPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
    Call Trace:
    <TASK>
    dump_stack_lvl lib/dump_stack.c:117
    __ubsan_handle_out_of_bounds lib/ubsan.c:429
    get_imix_entries net/core/pktgen.c:874
    pktgen_if_write net/core/pktgen.c:1063
    pde_write fs/proc/inode.c:334
    proc_reg_write fs/proc/inode.c:346
    vfs_write fs/read_write.c:593
    ksys_write fs/read_write.c:644
    do_syscall_64 arch/x86/entry/common.c:83
    entry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130

Found by Linux Verification Center (linuxtesting.org) with SVACE.

[ fp: allow to fill the array completely; minor changelog cleanup ]

Security Summary

CVE-2025-21680 is an array index out-of-bounds vulnerability in the Linux kernel's pktgen module, located in the net/core/pktgen.c file. The issue arises in the get_imix_entries function due to an incorrect boundary check, allowing a sufficient number of imix entries to trigger invalid access to the pkt_dev->imix_entries array, which is sized for 20 elements. This was detected via UBSAN during testing on kernel version 6.10.0-rc1, with the flaw reported by the Linux Verification Center using SVACE static analysis.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation leads to high-impact confidentiality, integrity, and availability violations, as rated by the CVSS v3.1 score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The out-of-bounds access could enable memory corruption, potentially resulting in arbitrary code execution, data leakage, or system denial of service.

Kernel patches addressing this issue are available in multiple stable branches via the referenced commits, such as 1a9b65c672ca9dc4ba52ca2fd54329db9580ce29 and others. The fix corrects the boundary check in get_imix_entries; the note appended to the commit message records that the imix_entries array can still be filled completely, along with a minor changelog cleanup. Security practitioners should update affected Linux kernels to incorporate these patches.
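The class of bug described above (CWE-129) is illustrated by the following user-space model, which is an added example and not the kernel's pktgen code. The names struct entry, struct table, parse_entries, count_entries and flawed_max_index are hypothetical, the "size,weight" input format is a constructed stand-in, and the store-then-test loop shape in flawed_max_index is an assumption consistent with the UBSAN report (index 20 for a 20-element array), since the page does not show the original check.

```c
#include <errno.h>
#include <stdlib.h>

#define MAX_ENTRIES 20 /* same size as 'imix_pkt [20]' in the UBSAN report */

struct entry { unsigned long size, weight; }; /* hypothetical stand-in */
struct table { struct entry e[MAX_ENTRIES]; unsigned int n; };

/* Parse "size,weight size,weight ..." into t; returns the count or -errno.
 * The index is validated BEFORE each store, so e[MAX_ENTRIES] is never touched,
 * while all MAX_ENTRIES slots remain usable. */
int parse_entries(const char *s, struct table *t)
{
    t->n = 0;
    while (*s) {
        char *end;
        unsigned long size, weight;
        if (t->n >= MAX_ENTRIES)
            return -E2BIG;          /* table full: reject the extra entry */
        size = strtoul(s, &end, 10);
        if (end == s || *end != ',')
            return -EINVAL;
        s = end + 1;
        weight = strtoul(s, &end, 10);
        if (end == s)
            return -EINVAL;
        t->e[t->n].size = size;
        t->e[t->n].weight = weight;
        t->n++;
        s = end;
        if (*s == ' ') s++;
        else if (*s) return -EINVAL;
    }
    return (int)t->n;
}

/* Parse into a scratch table; convenient for checking inputs. */
int count_entries(const char *s) { struct table t; return parse_entries(s, &t); }

/* Highest index a store-increment-then-test loop (n > MAX_ENTRIES) reaches
 * for `supplied` entries. Simulated with a counter only; nothing is stored. */
unsigned int flawed_max_index(unsigned int supplied)
{
    unsigned int n = 0, max_idx = 0;
    while (n < supplied) {
        max_idx = n++;              /* the store to e[max_idx] would happen here */
        if (n > MAX_ENTRIES) break; /* test runs only after the store */
    }
    return max_idx;
}
int main(void) { return count_entries("40,1 576,7 1500,4") == 3 ? 0 : 1; } /* constructed input */
```

With 21 entries the late test lets index 20 through before rejecting the input, while the early `>=` test rejects the 21st entry without touching the array and still accepts a full set of 20.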

Details

CWE(s)
CWE-129

Affected Products

linux
linux kernel
6.13 · 5.15 — 5.15.177 · 5.16 — 6.1.127 · 6.2 — 6.6.74

References