7.1

CVE-2025-21782

orangefs: fix a oob in orangefs_debug_write

In the Linux kernel, the following vulnerability has been resolved:

orangefs: fix a oob in orangefs_debug_write

I got a syzbot report: slab-out-of-bounds Read in
orangefs_debug_write... several people suggested fixes,
I tested Al Viro's suggestion and made this patch.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 6.1.129
LinuxLinux Kernel Version >= 6.2 < 6.6.79
LinuxLinux Kernel Version >= 6.7 < 6.12.16
LinuxLinux Kernel Version >= 6.13 < 6.13.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.153
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/1c5244299241cf49d8ae7b5054e299cc8faa4e09
Patch
Mailing List
https://git.kernel.org/stable/c/1da2697307dad281dd690a19441b5ca4af92d786
Patch
Mailing List
https://git.kernel.org/stable/c/2b84a231910cef2e0a16d29294afabfb69112087
Patch
Mailing List
https://git.kernel.org/stable/c/897f496b946fdcfab5983c983e4b513ab6682364
Patch
Mailing List
https://git.kernel.org/stable/c/f7c848431632598ff9bce57a659db6af60d75b39
Patch
Mailing List
https://git.kernel.org/stable/c/09d472a18c0ee1d5b83612cb919e33a1610fea16
https://git.kernel.org/stable/c/18b7f841109f697840fe8633cf7ed7d32bd3f91b
https://git.kernel.org/stable/c/8725882b0f691f8113b230aea9df0256030a63a6
https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html