Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2025-21668

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
31/01/2025
Last modified:
03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> pmdomain: imx8mp-blk-ctrl: add missing loop break condition<br /> <br /> Currently imx8mp_blk_ctrl_remove() will continue the for loop<br /> until an out-of-bounds exception occurs.<br /> <br /> pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br /> pc : dev_pm_domain_detach+0x8/0x48<br /> lr : imx8mp_blk_ctrl_shutdown+0x58/0x90<br /> sp : ffffffc084f8bbf0<br /> x29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000<br /> x26: ffffffc081658d78 x25: 0000000000000001 x24: ffffffc08201b028<br /> x23: ffffff80d0db9490 x22: ffffffc082340a78 x21: 00000000000005b0<br /> x20: ffffff80d19bc180 x19: 000000000000000a x18: ffffffffffffffff<br /> x17: ffffffc080a39e08 x16: ffffffc080a39c98 x15: 4f435f464f006c72<br /> x14: 0000000000000004 x13: ffffff80d0172110 x12: 0000000000000000<br /> x11: ffffff80d0537740 x10: ffffff80d05376c0 x9 : ffffffc0808ed2d8<br /> x8 : ffffffc084f8bab0 x7 : 0000000000000000 x6 : 0000000000000000<br /> x5 : ffffff80d19b9420 x4 : fffffffe03466e60 x3 : 0000000080800077<br /> x2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000000<br /> Call trace:<br /> dev_pm_domain_detach+0x8/0x48<br /> platform_shutdown+0x2c/0x48<br /> device_shutdown+0x158/0x268<br /> kernel_restart_prepare+0x40/0x58<br /> kernel_kexec+0x58/0xe8<br /> __do_sys_reboot+0x198/0x258<br /> __arm64_sys_reboot+0x2c/0x40<br /> invoke_syscall+0x5c/0x138<br /> el0_svc_common.constprop.0+0x48/0xf0<br /> do_el0_svc+0x24/0x38<br /> el0_svc+0x38/0xc8<br /> el0t_64_sync_handler+0x120/0x130<br /> el0t_64_sync+0x190/0x198<br /> Code: 8128c2d0 ffffffc0 aa1e03e9 d503201f

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.19 (including) 6.1.127 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.74 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.12.11 (excluding)
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc7:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools