CVE-2025-21789
Published: 27 February 2025
Description
In the Linux kernel, the following vulnerability has been resolved: LoongArch: csum: Fix OoB access in IP checksum code for negative lengths Commit 69e3a6aa6be2 ("LoongArch: Add checksum optimization for 64-bit system") would cause an undefined shift and an out-of-bounds read. Commit 8bd795fedb84 ("arm64: csum: Fix OoB access in IP checksum code for negative lengths") fixes the same issue on ARM64.
Security Summary
CVE-2025-21789 is a vulnerability in the Linux kernel's LoongArch architecture implementation of IP checksum calculation. It manifests as an out-of-bounds read and undefined shift operation triggered by negative lengths, stemming from commit 69e3a6aa6be2 ("LoongArch: Add checksum optimization for 64-bit system"). This issue mirrors a previously fixed problem in ARM64 via commit 8bd795fedb84. The flaw is classified under CWE-125 (Out-of-bounds Read) with a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation enables high-impact confidentiality violations through out-of-bounds reads, potentially leaking sensitive kernel memory, alongside high availability disruption, such as denial of service via crashes or instability.
Mitigation is provided through upstream kernel patches in the stable repository, including commits 6287f1a8c16138c2ec750953e35039634018c84a, 964a8895704a22efc06a2a3276b624a5ae985a06, 9f15a8df542c0f08732a67d1a14ee7c22948fb97, and d6508ffff32b44b6d0de06704034e4eef1c307a7. Security practitioners should update affected LoongArch-based Linux kernels to incorporate these fixes.
Details
- CWE(s)