Cyber Posture

CVE-2025-21687

Severity: High
Published: 10 February 2025
Modified: 03 November 2025
KEV Added: 
Patch: 
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (5.9th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: check the bounds of read/write syscalls. count and offset are passed from user space and not checked; only offset is capped to 40 bits, which can be used to read/write out of bounds of the device.

Security Summary

CVE-2025-21687 is a vulnerability in the Linux kernel's VFIO platform module, which handles device passthrough for virtual machines. The issue stems from insufficient bounds checking on the count and offset parameters passed from user space during read and write syscalls. While the offset is capped at 40 bits, the count is not validated, enabling out-of-bounds reads and writes beyond the allocated device memory region. This flaw is classified under CWE-125 (Out-of-bounds Read) and CWE-787 (Out-of-bounds Write), with a CVSS v3.1 base score of 7.8.

A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation allows high-impact reads and writes (C:H/I:H/A:H) on the targeted device memory with scope unchanged (S:U), potentially leading to kernel memory corruption, data leakage, or denial of service.

Mitigation involves applying the upstream kernel patches available in the referenced stable branch commits, including 1485932496a1b025235af8aa1e21988d6b7ccd54, 665cfd1083866f87301bbd232cb8ba48dcf4acce, 6bcb8a5b70b80143db9bf12dfa7d53636f824d53, 92340e6c5122d823ad064984ef7513eba9204048, and 9377cdc118cf327248f1a9dde7b87de067681dc9, which add proper bounds checks for both count and offset parameters.
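To make the flaw described above concrete, here is an added illustration (not code from the Linux kernel or the vfio-platform driver) of the two checks side by side: one that only caps the offset to 40 bits, as the advisory describes, and one that also validates count against the region size. The region size, the mask and the function names are constructed for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed values for illustration only; the real driver derives the
 * region size from the device and uses its own offset encoding. */
#define REGION_SIZE   0x1000ULL          /* 4 KiB device window (constructed) */
#define OFFSET_MASK   ((1ULL << 40) - 1) /* 40-bit offset cap, as in the advisory */

/* Insufficient check: the offset is capped to 40 bits and compared against
 * the region, but count is never considered, so off + count may run past
 * the end of the region. Returns 0 when this logic would allow the access. */
int weak_check(uint64_t pos, size_t count)
{
    uint64_t off = pos & OFFSET_MASK;

    if (off >= REGION_SIZE)
        return -EINVAL;
    (void)count;            /* count is not validated at all */
    return 0;
}

/* Hardened check: the offset must lie inside the region AND the whole
 * [off, off + count) range must fit. The comparison is written as
 * count > REGION_SIZE - off so that no addition can wrap around. */
int hardened_check(uint64_t pos, size_t count)
{
    uint64_t off = pos & OFFSET_MASK;

    if (off >= REGION_SIZE)
        return -EINVAL;
    if (count > REGION_SIZE - off)
        return -EINVAL;
    return 0;
}

/* Stand-alone demonstration: an access that starts inside the region but
 * extends past its end is accepted by the weak check and rejected by the
 * hardened one. The verifier sets this main aside and runs its own tests. */
int main(void)
{
    uint64_t pos = 0xFF0;   /* 16 bytes before the end of the region */
    size_t count = 0x100;   /* 256 bytes: crosses the region boundary */

    printf("weak_check     -> %d\n", weak_check(pos, count));
    printf("hardened_check -> %d\n", hardened_check(pos, count));
    return 0;
}
```

The practical point for a reviewer of any read/write fop is that checking offset and count separately is not enough; the sum is what must be bounded, and it must be bounded without allowing the sum itself to overflow.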

Details

CWE(s)
CWE-125, CWE-787

Affected Products

Vendor: linux
Product: linux kernel
Affected versions: 6.13; 4.1 through 5.4.290; 5.5 through 5.10.234; 5.11 through 5.15.178

References