CVE-2025-21711
Severity CVSS v4.0:
Pending analysis
Type:
CWE-190
Integer Overflow or Wraparound
Publication date:
27/02/2025
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
net/rose: prevent integer overflows in rose_setsockopt()<br />
<br />
In case of possible unpredictably large arguments passed to<br />
rose_setsockopt() and multiplied by extra values on top of that,<br />
integer overflows may occur.<br />
<br />
Do the safest minimum and fix these issues by checking the<br />
contents of &#39;opt&#39; and returning -EINVAL if they are too large. Also,<br />
switch to unsigned int and remove useless check for negative &#39;opt&#39;<br />
in ROSE_IDLE case.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.12 (including) | 6.1.129 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.76 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.13 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.13.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/352daa50946c3bbb662432e8daf54d6760796589
- https://git.kernel.org/stable/c/4bdd449977e2364a53d0b2a5427e71beb1cd702d
- https://git.kernel.org/stable/c/9bdee49ad6bbd26ab5e13cc6731e54fb1b6c1dca
- https://git.kernel.org/stable/c/b8583b54455cbec2fc038fa32b6700890b369815
- https://git.kernel.org/stable/c/d08f4074f9c69f7e95502587eb1b258a965ba7f0
- https://git.kernel.org/stable/c/d640627663bfe7d8963c7615316d7d4ef60f3b0b
- https://git.kernel.org/stable/c/e5338930a29d0ab2a5af402f5f664aeba0d1a676
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html