CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()

Description

In the Linux kernel, the following vulnerability has been resolved:

iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()

Resolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()
where shifting the constant "1" (of type int) by bitmap->mapped.pgshift
(an unsigned long value) could result in undefined behavior.

The constant "1" defaults to a 32-bit "int", and when "pgshift" exceeds
31 (e.g., pgshift = 63) the shift operation overflows, as the result
cannot be represented in a 32-bit type.

To resolve this, the constant is updated to "1UL", promoting it to an
unsigned long type to match the operand's type.

Classification

CVE ID: CVE-2025-21724

Affected Products

Vendor: Linux, Linux

Product: Linux, Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 4.27% (scored less or equal to compared to others)

EPSS Date: 2025-03-27 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-21724
https://git.kernel.org/stable/c/44d9c94b7a3f29a3e07c4753603a35e9b28842a3
https://git.kernel.org/stable/c/38ac76fc06bc6826a3e4b12a98efbe98432380a9
https://git.kernel.org/stable/c/d5d33f01b86af44b23eea61ee309e4ef22c0cdfe
https://git.kernel.org/stable/c/b1f8453b8ff1ab79a03820ef608256c499769cb6
https://git.kernel.org/stable/c/e24c1551059268b37f6f40639883eafb281b8b9c

Timeline

2025-02-27 02:40:22 UTC
CVE

iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()
2025-03-06 09:45:29 UTC
Tenable Plugins

Linux Distros Unpatched Vulnerability : CVE-2025-21724