Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68973.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-68973
Upstream
Published
2025-02-27T03:15:14Z
Modified
2026-04-01T05:21:30.940558Z
Summary
CVE-2025-21738 affecting package kernel 5.15.200.1-1
Details

In the Linux kernel, the following vulnerability has been resolved:

ata: libata-sff: Ensure that we cannot write outside the allocated buffer

reveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len set to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to ATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to write outside the allocated buffer, overwriting random memory.

While a ATA device is supposed to abort a ATA_NOP command, there does seem to be a bug either in libata-sff or QEMU, where either this status is not set, or the status is cleared before read by ata_sff_hsm_move(). Anyway, that is most likely a separate bug.

Looking at __atapi_pio_bytes(), it already has a safety check to ensure that __atapi_pio_bytes() cannot write outside the allocated buffer.

Add a similar check to ata_pio_sector(), such that also ata_pio_sector() cannot write outside the allocated buffer.

References

Affected packages

Azure Linux:2 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
5.15.200.1-1

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-68973.json"