7.1

CVE-2025-21950

drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl

In the Linux kernel, the following vulnerability has been resolved:

drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl

In the "pmcmd_ioctl" function, three memory objects allocated by
kmalloc are initialized by "hcall_get_cpu_state", which are then
copied to user space. The initializer is indeed implemented in
"acrn_hypercall2" (arch/x86/include/asm/acrn.h). There is a risk of
information leakage due to uninitialized bytes.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.12 < 5.15.179
LinuxLinux Kernel Version >= 5.16 < 6.1.131
LinuxLinux Kernel Version >= 6.2 < 6.6.83
LinuxLinux Kernel Version >= 6.7 < 6.12.19
LinuxLinux Kernel Version >= 6.13 < 6.13.7
LinuxLinux Kernel Version6.14 Updaterc1
LinuxLinux Kernel Version6.14 Updaterc2
LinuxLinux Kernel Version6.14 Updaterc3
LinuxLinux Kernel Version6.14 Updaterc4
LinuxLinux Kernel Version6.14 Updaterc5
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.092
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/1b8f7a2caa7f9cdfd135e3f78eb9d7e36fb95083
Patch
https://git.kernel.org/stable/c/4e15cf870d2c748e45d45ffc4d5b1dc1b7d50120
Patch
https://git.kernel.org/stable/c/524f29d78c9bdeb49f31f5b0376a07d2fc5cf563
Patch
https://git.kernel.org/stable/c/819cec1dc47cdeac8f5dd6ba81c1dbee2a68c3bb
Patch
https://git.kernel.org/stable/c/a4c21b878f0e237f45209a324c903ea7fb05247d
Patch
https://git.kernel.org/stable/c/d7e5031fe3f161c8eb5e84db1540bc4373ed861b
Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
Third Party Advisory