CVE-2025-21873

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-21873
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21873.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-21873
Downstream
Related
Published
2025-03-27T14:57:04Z
Modified
2025-10-17T22:17:12.061194Z
Summary
scsi: ufs: core: bsg: Fix crash when arpmb command fails
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: core: bsg: Fix crash when arpmb command fails

If the device doesn't support arpmb we'll crash due to copying user data in bsgtransportsgiofn().

In the case where ufsbsgexecadvancedrpmbreq() returns an error, do not set the job's replylen.

Memory crash backtrace: 3,1290,531166405,-;ufshcd 0000:00:12.5: ARPMB OP failed: error code -22

4,1308,531166555,-;Call Trace:

4,1309,531166559,-; <TASK>

4,1310,531166565,-; ? show_regs+0x6d/0x80

4,1311,531166575,-; ? die+0x37/0xa0

4,1312,531166583,-; ? do_trap+0xd4/0xf0

4,1313,531166593,-; ? doerrortrap+0x71/0xb0

4,1314,531166601,-; ? usercopy_abort+0x6c/0x80

4,1315,531166610,-; ? excinvalidop+0x52/0x80

4,1316,531166622,-; ? usercopy_abort+0x6c/0x80

4,1317,531166630,-; ? asmexcinvalid_op+0x1b/0x20

4,1318,531166643,-; ? usercopy_abort+0x6c/0x80

4,1319,531166652,-; _checkheap_object+0xe3/0x120

4,1320,531166661,-; checkheapobject+0x185/0x1d0

4,1321,531166670,-; _checkobject_size.part.0+0x72/0x150

4,1322,531166679,-; _checkobject_size+0x23/0x30

4,1323,531166688,-; bsgtransportsgiofn+0x314/0x3b0

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6ff265fc5ef660499e0edc4641647e99eed3f519
Fixed
32fb5ec825f6f76bc28902181c65429a904a07fe
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6ff265fc5ef660499e0edc4641647e99eed3f519
Fixed
59455f968c1004ed897ba873237657745d81ce0f
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6ff265fc5ef660499e0edc4641647e99eed3f519
Fixed
7e3c96ff5c5f3206984ed077b2aa8c9b7c4e0327
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6ff265fc5ef660499e0edc4641647e99eed3f519
Fixed
f27a95845b01e86d67c8b014b4f41bd3327daa63

Affected versions

v6.*

v6.1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.2
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.13.1
v6.13.2
v6.13.3
v6.13.4
v6.13.5
v6.14-rc1
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.7
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.74
v6.6.75
v6.6.76
v6.6.77
v6.6.78
v6.6.79
v6.6.8
v6.6.80
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "id": "CVE-2025-21873-0b40710a",
        "signature_type": "Function",
        "target": {
            "function": "ufs_bsg_request",
            "file": "drivers/ufs/core/ufs_bsg.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@32fb5ec825f6f76bc28902181c65429a904a07fe",
        "digest": {
            "length": 1760.0,
            "function_hash": "38366987355688412278920831015447995377"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "id": "CVE-2025-21873-14d5b50d",
        "signature_type": "Function",
        "target": {
            "function": "ufs_bsg_request",
            "file": "drivers/ufs/core/ufs_bsg.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@59455f968c1004ed897ba873237657745d81ce0f",
        "digest": {
            "length": 1760.0,
            "function_hash": "38366987355688412278920831015447995377"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "id": "CVE-2025-21873-3c5f31a7",
        "signature_type": "Line",
        "target": {
            "file": "drivers/ufs/core/ufs_bsg.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@59455f968c1004ed897ba873237657745d81ce0f",
        "digest": {
            "line_hashes": [
                "233858983789835597607224107745528438067",
                "249462944583012699700797416974204247019",
                "63911826973786895151637523858635402175",
                "312143369146414422864725006729566942668",
                "282333883556640130358046155529934758055",
                "66792530185455219863249762392024988882"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "id": "CVE-2025-21873-41266ed7",
        "signature_type": "Function",
        "target": {
            "function": "ufs_bsg_request",
            "file": "drivers/ufs/core/ufs_bsg.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f27a95845b01e86d67c8b014b4f41bd3327daa63",
        "digest": {
            "length": 1760.0,
            "function_hash": "38366987355688412278920831015447995377"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "id": "CVE-2025-21873-d475dd20",
        "signature_type": "Line",
        "target": {
            "file": "drivers/ufs/core/ufs_bsg.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@32fb5ec825f6f76bc28902181c65429a904a07fe",
        "digest": {
            "line_hashes": [
                "233858983789835597607224107745528438067",
                "249462944583012699700797416974204247019",
                "63911826973786895151637523858635402175",
                "312143369146414422864725006729566942668",
                "282333883556640130358046155529934758055",
                "66792530185455219863249762392024988882"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "id": "CVE-2025-21873-d4abc102",
        "signature_type": "Line",
        "target": {
            "file": "drivers/ufs/core/ufs_bsg.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7e3c96ff5c5f3206984ed077b2aa8c9b7c4e0327",
        "digest": {
            "line_hashes": [
                "233858983789835597607224107745528438067",
                "249462944583012699700797416974204247019",
                "63911826973786895151637523858635402175",
                "312143369146414422864725006729566942668",
                "282333883556640130358046155529934758055",
                "66792530185455219863249762392024988882"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "id": "CVE-2025-21873-e1b505d9",
        "signature_type": "Function",
        "target": {
            "function": "ufs_bsg_request",
            "file": "drivers/ufs/core/ufs_bsg.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7e3c96ff5c5f3206984ed077b2aa8c9b7c4e0327",
        "digest": {
            "length": 1760.0,
            "function_hash": "38366987355688412278920831015447995377"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "id": "CVE-2025-21873-fd5b935c",
        "signature_type": "Line",
        "target": {
            "file": "drivers/ufs/core/ufs_bsg.c"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f27a95845b01e86d67c8b014b4f41bd3327daa63",
        "digest": {
            "line_hashes": [
                "233858983789835597607224107745528438067",
                "249462944583012699700797416974204247019",
                "63911826973786895151637523858635402175",
                "312143369146414422864725006729566942668",
                "282333883556640130358046155529934758055",
                "66792530185455219863249762392024988882"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.3.0
Fixed
6.6.81
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.18
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.13.6