CVE-2025-21997

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-21997
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21997.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-21997
Downstream
Related
Published
2025-04-03T08:15:15Z
Modified
2025-10-01T18:15:42Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

xsk: fix an integer overflow in xpcreateandassignumem()

Since the i and pool->chunk_size variables are of type 'u32', their product can wrap around and then be cast to 'u64'. This can lead to two different XDP buffers pointing to the same memory area.

Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE.

References

Affected packages