CVE-2025-21873

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: ufs: core: bsg: Fix crash when arpmb command fails<br /> <br /> If the device doesn&amp;#39;t support arpmb we&amp;#39;ll crash due to copying user data in<br /> bsg_transport_sg_io_fn().<br /> <br /> In the case where ufs_bsg_exec_advanced_rpmb_req() returns an error, do not<br /> set the job&amp;#39;s reply_len.<br /> <br /> Memory crash backtrace:<br /> 3,1290,531166405,-;ufshcd 0000:00:12.5: ARPMB OP failed: error code -22<br /> <br /> 4,1308,531166555,-;Call Trace:<br /> <br /> 4,1309,531166559,-; <br /> <br /> 4,1310,531166565,-; ? show_regs+0x6d/0x80<br /> <br /> 4,1311,531166575,-; ? die+0x37/0xa0<br /> <br /> 4,1312,531166583,-; ? do_trap+0xd4/0xf0<br /> <br /> 4,1313,531166593,-; ? do_error_trap+0x71/0xb0<br /> <br /> 4,1314,531166601,-; ? usercopy_abort+0x6c/0x80<br /> <br /> 4,1315,531166610,-; ? exc_invalid_op+0x52/0x80<br /> <br /> 4,1316,531166622,-; ? usercopy_abort+0x6c/0x80<br /> <br /> 4,1317,531166630,-; ? asm_exc_invalid_op+0x1b/0x20<br /> <br /> 4,1318,531166643,-; ? usercopy_abort+0x6c/0x80<br /> <br /> 4,1319,531166652,-; __check_heap_object+0xe3/0x120<br /> <br /> 4,1320,531166661,-; check_heap_object+0x185/0x1d0<br /> <br /> 4,1321,531166670,-; __check_object_size.part.0+0x72/0x150<br /> <br /> 4,1322,531166679,-; __check_object_size+0x23/0x30<br /> <br /> 4,1323,531166688,-; bsg_transport_sg_io_fn+0x314/0x3b0