CVE-2025-21872
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 27/03/2025
Last modified: 03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

efi: Don't map the entire mokvar table to determine its size

Currently, when validating the mokvar table, we (re)map the entire table
on each iteration of the loop, adding space as we discover new entries.
If the table grows over a certain size, this fails due to limitations of
early_memmap(), and we get a failure and traceback:

------------[ cut here ]------------
WARNING: CPU: 0 PID: 0 at mm/early_ioremap.c:139 __early_ioremap+0xef/0x220
...
Call Trace:

? __early_ioremap+0xef/0x220
? __warn.cold+0x93/0xfa
? __early_ioremap+0xef/0x220
? report_bug+0xff/0x140
? early_fixup_exception+0x5d/0xb0
? early_idt_handler_common+0x2f/0x3a
? __early_ioremap+0xef/0x220
? efi_mokvar_table_init+0xce/0x1d0
? setup_arch+0x864/0xc10
? start_kernel+0x6b/0xa10
? x86_64_start_reservations+0x24/0x30
? x86_64_start_kernel+0xed/0xf0
? common_startup_64+0x13e/0x141

---[ end trace 0000000000000000 ]---
mokvar: Failed to map EFI MOKvar config table pa=0x7c4c3000, size=265187.

Mapping the entire structure isn't actually necessary, as we don't ever
need more than one entry header mapped at once.

Changes efi_mokvar_table_init() to only map each entry header, not the
entire table, when determining the table size. Since we're not mapping
any data past the variable name, it also changes the code to enforce
that each variable name is NUL terminated, rather than attempting to
verify it in place.
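
The following is an added example, not kernel code and not part of the advisory: a user-space C model of the header-at-a-time walk that the description outlines, run over a constructed 265187-byte table. The entry layout (256-byte name followed by a 64-bit data size), the `MAP_LIMIT` ceiling and every function name are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <string.h>
/* Assumed entry layout: fixed-size name, data length, then the data bytes. */
struct mok_hdr { char name[256]; uint64_t data_size; } __attribute__((packed));
#define MAP_LIMIT (256u * 1024u)   /* assumed per-mapping ceiling for this demo */
static uint8_t table[300000];      /* constructed "physical" region, zero-filled */

/* Stand-in for an early mapping call: refuses windows above MAP_LIMIT. */
static int map_window(size_t off, size_t len, size_t region, void *dst)
{
    if (len > MAP_LIMIT || off > region || len > region - off)
        return -1;
    memcpy(dst, table + off, len);
    return 0;
}

/* Table size including the sentinel, or 0 if malformed; data is never mapped. */
size_t mokvar_size(size_t region)
{
    struct mok_hdr h;
    size_t off = 0;
    for (;;) {
        if (map_window(off, sizeof(h), region, &h))
            return 0;                        /* header runs past the region */
        off += sizeof(h);
        if (h.name[0] == '\0')               /* sentinel must carry no data */
            return h.data_size == 0 ? off : 0;
        h.name[sizeof(h.name) - 1] = '\0';   /* enforce NUL instead of verifying */
        if (h.data_size > region - off)
            return 0;                        /* data claims to overrun the region */
        off += h.data_size;
    }
}

/* Constructed table: one entry with data_len bytes; zeros after it act as sentinel. */
size_t build_sample(uint64_t data_len)
{
    struct mok_hdr h;
    memset(h.name, 'A', sizeof(h.name));     /* deliberately unterminated name */
    h.data_size = data_len;
    memcpy(table, &h, sizeof(h));
    return sizeof(h) + data_len + sizeof(h); /* entry header + data + sentinel */
}

int main(void)
{
    size_t want = build_sample(264659);      /* 264 + 264659 + 264 = 265187 */
    return mokvar_size(sizeof(table)) == want ? 0 : 1;
}
```

A single mapping of the whole 265187-byte table is refused by `map_window`, while the walk never asks for more than one 264-byte header at a time.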
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.10 (including) | 5.10.235 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 6.6.83 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.18 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.13.6 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/2b90e7ace79774a3540ce569e000388f8d22c9e0
- https://git.kernel.org/stable/c/46c0454ffb78ce9d3355a3cccac86383ea8ddd55
- https://git.kernel.org/stable/c/65f4aebb8127708ba668dd938e83b8558abfc5cd
- https://git.kernel.org/stable/c/97bd560b6cc4c26386a53b4881bf03e96f9ba03a
- https://git.kernel.org/stable/c/ea3f0b362dfe4ef885ef812bfaf4088176422c91
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html



