7.8

CVE-2025-21772

partitions: mac: fix handling of bogus partition table

In the Linux kernel, the following vulnerability has been resolved:

partitions: mac: fix handling of bogus partition table

Fix several issues in partition probing:

 - The bailout for a bad partoffset must use put_dev_sector(), since the
   preceding read_part_sector() succeeded.
 - If the partition table claims a silly sector size like 0xfff bytes
   (which results in partition table entries straddling sector boundaries),
   bail out instead of accessing out-of-bounds memory.
 - We must not assume that the partition table contains proper NUL
   termination - use strnlen() and strncmp() instead of strlen() and
   strcmp().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.4.291
LinuxLinux Kernel Version >= 5.5 < 5.10.235
LinuxLinux Kernel Version >= 5.11 < 5.15.179
LinuxLinux Kernel Version >= 5.16 < 6.1.129
LinuxLinux Kernel Version >= 6.2 < 6.6.79
LinuxLinux Kernel Version >= 6.7 < 6.12.16
LinuxLinux Kernel Version >= 6.13 < 6.13.4
LinuxLinux Kernel Version6.14 Updaterc1
LinuxLinux Kernel Version6.14 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.118
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/27a39d006f85e869be68c1d5d2ce05e5d6445bf5
Patch
https://git.kernel.org/stable/c/6578717ebca91678131d2b1f4ba4258e60536e9f
Patch
https://git.kernel.org/stable/c/7fa9706722882f634090bfc9af642bf9ed719e27
Patch
https://git.kernel.org/stable/c/80e648042e512d5a767da251d44132553fe04ae0
Patch
https://git.kernel.org/stable/c/92527100be38ede924768f4277450dfe8a40e16b
Patch
https://git.kernel.org/stable/c/213ba5bd81b7e97ac6e6190b8f3bc6ba76123625
Patch
https://git.kernel.org/stable/c/40a35d14f3c0dc72b689061ec72fc9b193f37d1f
Patch
https://git.kernel.org/stable/c/a3e77da9f843e4ab93917d30c314f0283e28c124
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
https://cert-portal.siemens.com/productcert/html/ssa-265688.html