7.8

CVE-2025-21724

iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()

In the Linux kernel, the following vulnerability has been resolved:

iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()

Resolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()
where shifting the constant "1" (of type int) by bitmap->mapped.pgshift
(an unsigned long value) could result in undefined behavior.

The constant "1" defaults to a 32-bit "int", and when "pgshift" exceeds
31 (e.g., pgshift = 63) the shift operation overflows, as the result
cannot be represented in a 32-bit type.

To resolve this, the constant is updated to "1UL", promoting it to an
unsigned long type to match the operand's type.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.1 < 6.1.129
LinuxLinux Kernel Version >= 6.2 < 6.6.76
LinuxLinux Kernel Version >= 6.7 < 6.12.13
LinuxLinux Kernel Version >= 6.13 < 6.13.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.077
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/38ac76fc06bc6826a3e4b12a98efbe98432380a9
Patch
https://git.kernel.org/stable/c/44d9c94b7a3f29a3e07c4753603a35e9b28842a3
Patch
https://git.kernel.org/stable/c/b1f8453b8ff1ab79a03820ef608256c499769cb6
Patch
https://git.kernel.org/stable/c/d5d33f01b86af44b23eea61ee309e4ef22c0cdfe
Patch
https://git.kernel.org/stable/c/e24c1551059268b37f6f40639883eafb281b8b9c
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
https://cert-portal.siemens.com/productcert/html/ssa-082556.html