CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-21772: partitions: mac: fix handling of bogus partition table

Description

In the Linux kernel, the following vulnerability has been resolved:

partitions: mac: fix handling of bogus partition table

Fix several issues in partition probing:

- The bailout for a bad partoffset must use put_dev_sector(), since the
preceding read_part_sector() succeeded.
- If the partition table claims a silly sector size like 0xfff bytes
(which results in partition table entries straddling sector boundaries),
bail out instead of accessing out-of-bounds memory.
- We must not assume that the partition table contains proper NUL
termination - use strnlen() and strncmp() instead of strlen() and
strcmp().

Classification

CVE ID: CVE-2025-21772

Affected Products

Vendor: Linux, Linux

Product: Linux, Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 10.65% (scored less or equal to compared to others)

EPSS Date: 2025-03-27 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-21772
https://git.kernel.org/stable/c/27a39d006f85e869be68c1d5d2ce05e5d6445bf5
https://git.kernel.org/stable/c/92527100be38ede924768f4277450dfe8a40e16b
https://git.kernel.org/stable/c/6578717ebca91678131d2b1f4ba4258e60536e9f
https://git.kernel.org/stable/c/7fa9706722882f634090bfc9af642bf9ed719e27
https://git.kernel.org/stable/c/80e648042e512d5a767da251d44132553fe04ae0

Timeline

2025-02-27 03:40:38 UTC
CVE

partitions: mac: fix handling of bogus partition table
2025-03-06 09:45:23 UTC
Tenable Plugins

Linux Distros Unpatched Vulnerability : CVE-2025-21772