Description
In the Linux kernel, the following vulnerability has been resolved: LoongArch: csum: Fix OoB access in IP checksum code for negative lengths Commit 69e3a6aa6be2 ("LoongArch: Add checksum optimization for 64-bit system") would cause an undefined shift and an out-of-bounds read. Commit 8bd795fedb84 ("arm64: csum: Fix OoB access in IP checksum code for negative lengths") fixes the same issue on ARM64.
References (4)
Core 4
Core References
Mailing List, Patch
https://git.kernel.org/stable/c/6287f1a8c16138c2ec750953e35039634018c84a
Mailing List, Patch
https://git.kernel.org/stable/c/964a8895704a22efc06a2a3276b624a5ae985a06
Mailing List, Patch
https://git.kernel.org/stable/c/9f15a8df542c0f08732a67d1a14ee7c22948fb97
Mailing List, Patch
https://git.kernel.org/stable/c/d6508ffff32b44b6d0de06704034e4eef1c307a7
Scores
CVSS v3
7.1
EPSS
0.0005
EPSS Percentile
16.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-125
Status
published
Products (5)
linux/Kernel
6.13.0 - 6.13.4linux
linux/Kernel
6.4.0 - 6.6.79linux
linux/Kernel
6.7.0 - 6.12.16linux
linux/linux_kernel
6.14 rc1 (2 CPE variants)
linux/linux_kernel
6.4 - 6.6.79
Published
Feb 27, 2025
Tracked Since
Feb 18, 2026