
CVE-2025-39817

In the Linux kernel, the following vulnerability has been resolved:

efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare

Observed on kernel 6.6 (present on master as well):

  BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0
  Call trace:
   kasan_check_range+0xe8/0x190
   __asan_loadN+0x1c/0x28
   memcmp+0x98/0xd0
   efivarfs_d_compare+0x68/0xd8
   __d_lookup_rcu_op_compare+0x178/0x218
   __d_lookup_rcu+0x1f8/0x228
   d_alloc_parallel+0x150/0x648
   lookup_open.isra.0+0x5f0/0x8d0
   open_last_lookups+0x264/0x828
   path_openat+0x130/0x3f8
   do_filp_open+0x114/0x248
   do_sys_openat2+0x340/0x3c0
   __arm64_sys_openat+0x120/0x1a0

If dentry->d_name.len < EFI_VARIABLE_GUID_LEN, 'guid' can become
negative, leading to an oob read. The issue can be triggered by parallel
lookups using an invalid filename:

  T1			T2
  lookup_open
   ->lookup
    simple_lookup
     d_add
     // invalid dentry is added to hash list

			lookup_open
			 d_alloc_parallel
			  __d_lookup_rcu
			   __d_lookup_rcu_op_compare
			    hlist_bl_for_each_entry_rcu
			    // invalid dentry can be retrieved
			     ->d_compare
			      efivarfs_d_compare
			      // oob

Fix it by checking 'guid' before cmp.
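To make the arithmetic behind the report concrete, below is an added userspace model of the name comparison efivarfs_d_compare performs. It is written for this page and is not the kernel's code: EFI_VARIABLE_GUID_LEN is assumed to be the 36-character length of a textual GUID, the sample names are constructed, and the hardened variant follows the commit message's "check 'guid' before cmp", with the particular bound it rejects (guid <= 0) being this example's choice rather than something the record states.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/*
 * Constructed model of the efivarfs dentry-name comparison (not kernel code).
 * An efivarfs filename has the shape "<VariableName>-<GUID>", where the GUID
 * is its 36-character textual form, so this constant mirrors that length.
 */
#define EFI_VARIABLE_GUID_LEN 36

/*
 * The arithmetic the unchecked comparator performs: an unsigned length minus
 * a larger constant, stored in an int. For any name shorter than a GUID the
 * result is negative (wraps on every mainstream compiler, as in the kernel).
 */
static int unchecked_prefix_len(unsigned int len)
{
	int guid = len - EFI_VARIABLE_GUID_LEN;
	return guid;
}

/*
 * What memcmp would be asked to read if that negative int were passed as its
 * size_t count: a huge number, which is the slab-out-of-bounds KASAN caught.
 * This function only computes the count; it never performs the read.
 */
static size_t unchecked_memcmp_count(unsigned int len)
{
	return (size_t)unchecked_prefix_len(len);
}

/*
 * Hardened comparison in the spirit of the fix: a name too short to hold a
 * variable part plus a GUID can never match, so reject it before any memory
 * is touched. Returns 0 on match, 1 on mismatch.
 * The bound (guid <= 0) is this example's choice; a zero-length variable part
 * is not a valid efivarfs name either.
 */
static int checked_name_compare(const char *a, unsigned int a_len,
				const char *b, unsigned int b_len)
{
	int guid = a_len - EFI_VARIABLE_GUID_LEN;

	if (a_len != b_len)
		return 1;

	/* The missing check: bail out before memcmp sees a negative count. */
	if (guid <= 0)
		return 1;

	/* Case-sensitive compare of the variable-name part (including the '-'). */
	if (memcmp(a, b, (size_t)guid))
		return 1;

	/* Case-insensitive compare of the GUID part. */
	return strncasecmp(a + guid, b + guid, EFI_VARIABLE_GUID_LEN) != 0;
}

int main(void)
{
	/* Constructed sample names; the GUID is the EFI global-variable GUID. */
	const char *n1 = "Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c";
	const char *n2 = "Boot0000-8BE4DF61-93CA-11D2-AA0D-00E098032B8C";
	const char *n3 = "Boot0001-8be4df61-93ca-11d2-aa0d-00e098032b8c";
	const char *bad = "short";
	unsigned int bad_len = (unsigned int)strlen(bad);

	printf("unchecked guid for len %u: %d (memcmp would read %zu bytes)\n",
	       bad_len, unchecked_prefix_len(bad_len), unchecked_memcmp_count(bad_len));
	printf("n1 vs n2 (GUID case differs): %d\n",
	       checked_name_compare(n1, (unsigned int)strlen(n1), n2, (unsigned int)strlen(n2)));
	printf("n1 vs n3 (name differs):      %d\n",
	       checked_name_compare(n1, (unsigned int)strlen(n1), n3, (unsigned int)strlen(n3)));
	printf("bad vs bad (too short):       %d\n",
	       checked_name_compare(bad, bad_len, bad, bad_len));
	return 0;
}
```

The first two functions only reproduce the sign flip and the resulting size_t count; nothing in the block performs the oversized read. The checked comparator returns "mismatch" for the short name without touching memory, which is the behaviour the fix restores for an invalid dentry found on the hash list.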

Data provided by the CVE Program through a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected

  Status      Range
  affected    from da27a24383b2b10bf6ebd0db29b325548aafecb4, before 0f63fbabeaaaaaaf5b742a2f4c1b4590d50bf1f6
  affected    from da27a24383b2b10bf6ebd0db29b325548aafecb4, before 794399019301944fd6d2e0d7a51b3327e26c410e
  affected    from da27a24383b2b10bf6ebd0db29b325548aafecb4, before 568e7761279b99c6daa3002290fd6d8047ddb6d2
  affected    from da27a24383b2b10bf6ebd0db29b325548aafecb4, before d7f5e35e70507d10cbaff5f9e194ed54c4ee14f7
  affected    from da27a24383b2b10bf6ebd0db29b325548aafecb4, before 925599eba46045930b850a98ae594d2e3028ac40
  affected    from da27a24383b2b10bf6ebd0db29b325548aafecb4, before c2925cd6207079c3f4d040d082515db78d63afbf
  affected    from da27a24383b2b10bf6ebd0db29b325548aafecb4, before 71581a82f38e5a4d807d71fc1bb59aead80ccf95
  affected    from da27a24383b2b10bf6ebd0db29b325548aafecb4, before a6358f8cf64850f3f27857b8ed8c1b08cfc4685c
  affected    688289c4b745c018b3449b4b4c5a2030083c8eaf

Vendor: Linux
Product: Linux
Default status: affected

  Status      Range
  affected    3.9
  unaffected  from 0, before 3.9
  unaffected  from 5.4.298, through 5.4.*
  unaffected  from 5.10.242, through 5.10.*
  unaffected  from 5.15.191, through 5.15.*
  unaffected  from 6.1.150, through 6.1.*
  unaffected  from 6.6.104, through 6.6.*
  unaffected  from 6.12.45, through 6.12.*
  unaffected  from 6.16.5, through 6.16.*
  unaffected  from 6.17-rc4, through *
No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS metrics
  Type    Source      Score    Percentile
  EPSS    FIRST.org   0.03%    0.078

CVSS metrics
  Source    Base Score    Exploit Score    Impact Score    Vector String