CVE-2025-21777

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ring-buffer: Validate the persistent meta data subbuf array<br /> <br /> The meta data for a mapped ring buffer contains an array of indexes of all<br /> the subbuffers. The first entry is the reader page, and the rest of the<br /> entries lay out the order of the subbuffers in how the ring buffer link<br /> list is to be created.<br /> <br /> The validator currently makes sure that all the entries are within the<br /> range of 0 and nr_subbufs. But it does not check if there are any<br /> duplicates.<br /> <br /> While working on the ring buffer, I corrupted this array, where I added<br /> duplicates. The validator did not catch it and created the ring buffer<br /> link list on top of it. Luckily, the corruption was only that the reader<br /> page was also in the writer path and only presented corrupted data but did<br /> not crash the kernel. But if there were duplicates in the writer side,<br /> then it could corrupt the ring buffer link list and cause a crash.<br /> <br /> Create a bitmask array with the size of the number of subbuffers. Then<br /> clear it. When walking through the subbuf array checking to see if the<br /> entries are within the range, test if its bit is already set in the<br /> subbuf_mask. If it is, then there is duplicates and fail the validation.<br /> If not, set the corresponding bit and continue.