AZL-59904

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59904.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-59904

Upstream

CVE-2025-21997

Published

2025-04-03T08:15:15Z

Modified

2026-04-01T05:19:33.719838Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2025-21997 affecting package kernel for versions less than 6.6.85.1-2

Details

In the Linux kernel, the following vulnerability has been resolved:

xsk: fix an integer overflow in xpcreateandassignumem()

Since the i and pool->chunk_size variables are of type 'u32', their product can wrap around and then be cast to 'u64'. This can lead to two different XDP buffers pointing to the same memory area.

Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-21997

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.85.1-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59904.json"