CVE-2025-2073: Out-of-Bounds Read in ChromeOS Kernel ip_set_bitmap_ip.c

Description

Out-of-Bounds Read in ip_set_bitmap_ip.c in Google ChromeOS Kernel Versions 6.1, 5.15, 5.10, 5.4, 4.19. on All devices where Termina is used allows an attacker with CAP_NET_ADMIN privileges to cause memory corruption and potentially escalate privileges via crafted ipset commands.

Classification

CVE ID: CVE-2025-2073

Problem Types

Out-of-Bounds Read

Affected Products

Vendor: Google

Product: ChromeOS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 3.32% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-2073
https://issuetracker.google.com/issues/380043638
https://issues.chromium.org/issues/b/380043638

Timeline

2025-04-17 00:40:22 UTC
CVE

Out-of-Bounds Read in ChromeOS Kernel ip_set_bitmap_ip.c