{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-21785", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-12-29T08:45:45.765Z", "datePublished": "2025-02-27T02:18:25.938Z", "dateUpdated": "2025-05-04T07:21:12.205Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:21:12.205Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array\n\nThe loop that detects/populates cache information already has a bounds\ncheck on the array size but does not account for cache levels with\nseparate data/instructions cache. Fix this by incrementing the index\nfor any populated leaf (instead of any populated level)."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/arm64/kernel/cacheinfo.c"], "versions": [{"version": "5d425c18653731af62831d30a4fa023d532657a9", "lessThan": "4371ac7b494e933fffee2bd6265d18d73c4f05aa", "status": "affected", "versionType": "git"}, {"version": "5d425c18653731af62831d30a4fa023d532657a9", "lessThan": "e4fde33107351ec33f1a64188612fbc6ca659284", "status": "affected", "versionType": "git"}, {"version": "5d425c18653731af62831d30a4fa023d532657a9", "lessThan": "88a3e6afaf002250220793df99404977d343db14", "status": "affected", "versionType": "git"}, {"version": "5d425c18653731af62831d30a4fa023d532657a9", "lessThan": "4ff25f0b18d1d0174c105e4620428bcdc1213860", "status": "affected", "versionType": "git"}, {"version": "5d425c18653731af62831d30a4fa023d532657a9", "lessThan": "ab90894f33c15b14c1cee6959ab6c8dcb09127f8", "status": "affected", "versionType": "git"}, {"version": "5d425c18653731af62831d30a4fa023d532657a9", "lessThan": "715eb1af64779e1b1aa0a7b2ffb81414d9f708e5", "status": "affected", "versionType": "git"}, {"version": "5d425c18653731af62831d30a4fa023d532657a9", "lessThan": "67b99a2b5811df4294c2ad50f9bff3b6a08bd618", "status": "affected", "versionType": "git"}, {"version": "5d425c18653731af62831d30a4fa023d532657a9", "lessThan": "875d742cf5327c93cba1f11e12b08d3cce7a88d2", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/arm64/kernel/cacheinfo.c"], "versions": [{"version": "4.0", "status": "affected"}, {"version": "0", "lessThan": "4.0", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.291", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.235", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.179", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.129", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.79", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.16", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13.4", "lessThanOrEqual": "6.13.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.14", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "5.4.291"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "5.10.235"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "5.15.179"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.1.129"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.6.79"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.12.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.13.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.14"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/4371ac7b494e933fffee2bd6265d18d73c4f05aa"}, {"url": "https://git.kernel.org/stable/c/e4fde33107351ec33f1a64188612fbc6ca659284"}, {"url": "https://git.kernel.org/stable/c/88a3e6afaf002250220793df99404977d343db14"}, {"url": "https://git.kernel.org/stable/c/4ff25f0b18d1d0174c105e4620428bcdc1213860"}, {"url": "https://git.kernel.org/stable/c/ab90894f33c15b14c1cee6959ab6c8dcb09127f8"}, {"url": "https://git.kernel.org/stable/c/715eb1af64779e1b1aa0a7b2ffb81414d9f708e5"}, {"url": "https://git.kernel.org/stable/c/67b99a2b5811df4294c2ad50f9bff3b6a08bd618"}, {"url": "https://git.kernel.org/stable/c/875d742cf5327c93cba1f11e12b08d3cce7a88d2"}], "title": "arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E70FC3CF-C125-4C00-A68C-245EA48FB580", "versionEndExcluding": "6.1.129", "versionStartIncluding": "4.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B16AADE5-B2FD-4C14-B4E4-85E8EDAFE775", "versionEndExcluding": "6.6.79", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "13C8DB18-FC60-425F-84E5-3EDDEC61B2FC", "versionEndExcluding": "6.12.16", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A2093ED-74A9-43F9-AC72-50030F374EA4", "versionEndExcluding": "6.13.4", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*", "matchCriteriaId": "0D3E781C-403A-498F-9DA9-ECEE50F41E75", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array\n\nThe loop that detects/populates cache information already has a bounds\ncheck on the array size but does not account for cache levels with\nseparate data/instructions cache. Fix this by incrementing the index\nfor any populated leaf (instead of any populated level)."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: cacheinfo: evitar escritura fuera de los l\u00edmites en la matriz cacheinfo El bucle que detecta/completa la informaci\u00f3n de cach\u00e9 ya tiene una comprobaci\u00f3n de los l\u00edmites en el tama\u00f1o de la matriz, pero no tiene en cuenta los niveles de cach\u00e9 con cach\u00e9 de datos/instrucciones independiente. Solucione esto incrementando el \u00edndice de cualquier hoja completada (en lugar de cualquier nivel completo)."}], "id": "CVE-2025-21785", "lastModified": "2025-03-13T13:15:54.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-27T03:15:19.350", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4371ac7b494e933fffee2bd6265d18d73c4f05aa"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/4ff25f0b18d1d0174c105e4620428bcdc1213860"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/67b99a2b5811df4294c2ad50f9bff3b6a08bd618"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/715eb1af64779e1b1aa0a7b2ffb81414d9f708e5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/875d742cf5327c93cba1f11e12b08d3cce7a88d2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/88a3e6afaf002250220793df99404977d343db14"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/ab90894f33c15b14c1cee6959ab6c8dcb09127f8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e4fde33107351ec33f1a64188612fbc6ca659284"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:3264", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.46.1.rt7.387.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3260", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.46.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3209", "cpe": "cpe:/o:redhat:rhel_aus:8.2", "package": "kernel-0:4.18.0-193.148.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3207", "cpe": "cpe:/o:redhat:rhel_aus:8.4", "package": "kernel-0:4.18.0-305.152.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3211", "cpe": "cpe:/a:redhat:rhel_tus:8.4::nfv", "package": "kernel-rt-0:4.18.0-305.152.1.rt7.229.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3207", "cpe": "cpe:/o:redhat:rhel_tus:8.4", "package": "kernel-0:4.18.0-305.152.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3207", "cpe": "cpe:/o:redhat:rhel_e4s:8.4", "package": "kernel-0:4.18.0-305.152.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3213", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "kernel-0:4.18.0-372.142.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3213", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "kernel-0:4.18.0-372.142.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3213", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "kernel-0:4.18.0-372.142.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3216", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "kernel-0:4.18.0-477.94.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3208", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.34.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3208", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.34.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3128", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "kernel-0:5.14.0-70.126.1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-03-25T00:00:00Z"}, {"advisory": "RHSA-2025:3127", "cpe": "cpe:/a:redhat:rhel_e4s:9.0::nfv", "package": "kernel-rt-0:5.14.0-70.126.1.rt21.198.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-03-25T00:00:00Z"}, {"advisory": "RHSA-2025:3212", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.110.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3214", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.110.1.rt14.395.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3215", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "kernel-0:5.14.0-427.61.1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-03-26T00:00:00Z"}], "bugzilla": {"description": "kernel: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array", "id": "2348630", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348630"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["In the Linux kernel, the following vulnerability has been resolved:\narm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array\nThe loop that detects/populates cache information already has a bounds\ncheck on the array size but does not account for cache levels with\nseparate data/instructions cache. Fix this by incrementing the index\nfor any populated leaf (instead of any populated level)."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-21785", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-21785\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-21785\nhttps://lore.kernel.org/linux-cve-announce/2025022608-CVE-2025-21785-184c@gregkh/T"], "statement": "The bug actual only for ARM64 hardware (if ARMv8 or similar ARM CPU being used). There is no known way to trigger the bug, because user cannot control internal values for particular CPUs. As result would not be possible to trigger overflow by user even before this additional check added. For CVSS score the attack complexity is high as result.", "threat_severity": "Moderate"}

{}