In the Linux kernel, the following vulnerability has been resolved:
partitions: mac: fix handling of bogus partition table
Fix several issues in partition probing:
- The bailout for a bad partoffset must use put_dev_sector(), since the
preceding read_part_sector() succeeded.
- If the partition table claims a silly sector size like 0xfff bytes
(which results in partition table entries straddling sector boundaries),
bail out instead of accessing out-of-bounds memory.
- We must not assume that the partition table contains proper NUL
termination - use strnlen() and strncmp() instead of strlen() and
strcmp().
CVE ID: CVE-2025-21772
Vendor: Linux, Linux
Product: Linux, Linux
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 10.65% (scored less or equal to compared to others)
EPSS Date: 2025-03-27 (when was this score calculated)