CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-21782: orangefs: fix a oob in orangefs_debug_write

Description

In the Linux kernel, the following vulnerability has been resolved:

orangefs: fix a oob in orangefs_debug_write

I got a syzbot report: slab-out-of-bounds Read in
orangefs_debug_write... several people suggested fixes,
I tested Al Viro's suggestion and made this patch.

Classification

CVE ID: CVE-2025-21782

Affected Products

Vendor: Linux, Linux

Product: Linux, Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.4% (scored less or equal to compared to others)

EPSS Date: 2025-03-27 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-21782
https://git.kernel.org/stable/c/1da2697307dad281dd690a19441b5ca4af92d786
https://git.kernel.org/stable/c/2b84a231910cef2e0a16d29294afabfb69112087
https://git.kernel.org/stable/c/897f496b946fdcfab5983c983e4b513ab6682364
https://git.kernel.org/stable/c/1c5244299241cf49d8ae7b5054e299cc8faa4e09
https://git.kernel.org/stable/c/f7c848431632598ff9bce57a659db6af60d75b39

Timeline

2025-02-27 03:40:41 UTC
CVE

orangefs: fix a oob in orangefs_debug_write