CVE-2025-21997

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-21997

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21997.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-21997

Downstream

BELL-CVE-2025-21997

DEBIAN-CVE-2025-21997

DLA-4193-1

DSA-5900-1

ECHO-b414-336e-cae9

MINI-cp76-gq7r-r4qv

OESA-2025-1878

OESA-2025-1879

OESA-2025-1880

RHSA-2025:8643

RHSA-2025:8669

SUSE-SU-2025:02249-1

SUSE-SU-2025:02538-1

SUSE-SU-2025:02923-1

UBUNTU-CVE-2025-21997

USN-7605-1

USN-7605-2

USN-7606-1

USN-7628-1

USN-7764-1

USN-7764-2

USN-7765-1

USN-7766-1

USN-7767-1

USN-7767-2

USN-7779-1

USN-7790-1

USN-7800-1

USN-7801-1

USN-7802-1

Related

Published

2025-04-03T08:15:15Z

Modified

2025-10-01T18:15:42Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

xsk: fix an integer overflow in xpcreateandassignumem()

Since the i and pool->chunk_size variables are of type 'u32', their product can wrap around and then be cast to 'u64'. This can lead to two different XDP buffers pointing to the same memory area.

Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE.

References

Affected packages