5.5

CVE-2025-21691

EPSS 0.04%
Published 10.02.2025 16:15:38
Last modified 15.10.2025 16:25:09
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

cachestat: fix page cache statistics permission checking

When the 'cachestat()' system call was added in commit cf264e1329fb
("cachestat: implement cachestat syscall"), it was meant to be a much
more convenient (and performant) version of mincore() that didn't need
mapping things into the user virtual address space in order to work.

But it ended up missing the "check for writability or ownership" fix for
mincore(), done in commit 134fca9063ad ("mm/mincore.c: make mincore()
more conservative").

This just adds equivalent logic to 'cachestat()', modified for the file
context (rather than vma).

Affected products Warnungen 0 Metrics 2 CWE 0 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.5 < 6.6.75

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.12

Linux ≫ Linux Kernel Version6.13

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.101

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

https://git.kernel.org/stable/c/5f537664e705b0bf8b7e329861f20128534f6a83

Patch

https://git.kernel.org/stable/c/780ab8329672464984cf1344bd5c3993af0226c7

Patch

https://git.kernel.org/stable/c/7d6405c13b0d8a8367cd8df63f118b619a3f0dd2

Patch

https://git.kernel.org/stable/c/97153a05077f618f7471f50a78158602badccb30

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-21691

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-21691

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-21691

EUVD