CVE-2025-21782 - Out-of-bounds Read

Severity

71%

Complexity

18%

Confidentiality

86%

In the Linux kernel, the following vulnerability has been resolved: orangefs: fix a oob in orangefs_debug_write I got a syzbot report: slab-out-of-bounds Read in orangefs_debug_write... several people suggested fixes, I tested Al Viro's suggestion and made this patch.

CVSS 3.1 Base Score 7.1. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).

Demo Examples

Out-of-bounds Read

CWE-125

In the following code, the method retrieves a value from an array at a specific array index location that is given as an input parameter to the method


               
}
return value;// check that the array index is less than the maximum// length of the array
value = array[index];// get the value at the specified index of the array
// if array index is invalid then output error message// and return value indicating error
value = -1;

However, this method only verifies that the given array index is less than the maximum length of the array but does not check for the minimum value (CWE-839). This will allow a negative value to be accepted as the input array index, which will result in a out of bounds read (CWE-125) and may allow access to sensitive memory. The input array index should be checked to verify that is within the maximum and minimum range required for the array (CWE-129). In this example the if statement should be modified to include a minimum range check, as shown below.


               
...// check that the array index is within the correct// range of values for the array

Overview

First reported 3 months ago

2025-02-27 03:15:00

Last updated 2 months ago

2025-03-13 13:15:00

Affected Software

Linux Kernel

References

https://git.kernel.org/stable/c/1c5244299241cf49d8ae7b5054e299cc8faa4e09

https://git.kernel.org/stable/c/1da2697307dad281dd690a19441b5ca4af92d786

https://git.kernel.org/stable/c/2b84a231910cef2e0a16d29294afabfb69112087

https://git.kernel.org/stable/c/897f496b946fdcfab5983c983e4b513ab6682364

https://git.kernel.org/stable/c/f7c848431632598ff9bce57a659db6af60d75b39

https://git.kernel.org/stable/c/1c5244299241cf49d8ae7b5054e299cc8faa4e09

Patch, Mailing List

https://git.kernel.org/stable/c/1da2697307dad281dd690a19441b5ca4af92d786

Patch, Mailing List

https://git.kernel.org/stable/c/2b84a231910cef2e0a16d29294afabfb69112087

Patch, Mailing List

https://git.kernel.org/stable/c/897f496b946fdcfab5983c983e4b513ab6682364

Patch, Mailing List

https://git.kernel.org/stable/c/f7c848431632598ff9bce57a659db6af60d75b39

Patch, Mailing List

https://git.kernel.org/stable/c/09d472a18c0ee1d5b83612cb919e33a1610fea16

https://git.kernel.org/stable/c/18b7f841109f697840fe8633cf7ed7d32bd3f91b

https://git.kernel.org/stable/c/1c5244299241cf49d8ae7b5054e299cc8faa4e09

Mailing List, Patch

https://git.kernel.org/stable/c/1da2697307dad281dd690a19441b5ca4af92d786

Mailing List, Patch

https://git.kernel.org/stable/c/2b84a231910cef2e0a16d29294afabfb69112087

Mailing List, Patch

https://git.kernel.org/stable/c/8725882b0f691f8113b230aea9df0256030a63a6

https://git.kernel.org/stable/c/897f496b946fdcfab5983c983e4b513ab6682364

Mailing List, Patch

https://git.kernel.org/stable/c/f7c848431632598ff9bce57a659db6af60d75b39

Mailing List, Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.