5.5

CVE-2025-21711

net/rose: prevent integer overflows in rose_setsockopt()

In the Linux kernel, the following vulnerability has been resolved:

net/rose: prevent integer overflows in rose_setsockopt()

In case of possible unpredictably large arguments passed to
rose_setsockopt() and multiplied by extra values on top of that,
integer overflows may occur.

Do the safest minimum and fix these issues by checking the
contents of 'opt' and returning -EINVAL if they are too large. Also,
switch to unsigned int and remove useless check for negative 'opt'
in ROSE_IDLE case.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.12 < 6.1.129
LinuxLinux Kernel Version >= 6.2 < 6.6.76
LinuxLinux Kernel Version >= 6.7 < 6.12.13
LinuxLinux Kernel Version >= 6.13 < 6.13.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.116
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://git.kernel.org/stable/c/352daa50946c3bbb662432e8daf54d6760796589
Patch
https://git.kernel.org/stable/c/9bdee49ad6bbd26ab5e13cc6731e54fb1b6c1dca
Patch
https://git.kernel.org/stable/c/d08f4074f9c69f7e95502587eb1b258a965ba7f0
Patch
https://git.kernel.org/stable/c/d640627663bfe7d8963c7615316d7d4ef60f3b0b
Patch
https://git.kernel.org/stable/c/e5338930a29d0ab2a5af402f5f664aeba0d1a676
Patch
https://git.kernel.org/stable/c/4bdd449977e2364a53d0b2a5427e71beb1cd702d
https://git.kernel.org/stable/c/b8583b54455cbec2fc038fa32b6700890b369815
https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
https://cert-portal.siemens.com/productcert/html/ssa-265688.html