CVE-2025-21789
HIGHLinux Kernel 6.4-6.6.78, 6.7-6.12.15, 6.13-6.13.3 - Out-of-bounds Read in LoongArch IP Checksum Code
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: LoongArch: csum: Fix OoB access in IP checksum code for negative lengths Commit 69e3a6aa6be2 ("LoongArch: Add checksum optimization for 64-bit system") would cause an undefined shift and an out-of-bounds read. Commit 8bd795fedb84 ("arm64: csum: Fix OoB access in IP checksum code for negative lengths") fixes the same issue on ARM64.
References (4)
Core 4
Core References
Mailing List, Patch
https://git.kernel.org/stable/c/964a8895704a22efc06a2a3276b624a5ae985a06
Mailing List, Patch
https://git.kernel.org/stable/c/9f15a8df542c0f08732a67d1a14ee7c22948fb97
Mailing List, Patch
https://git.kernel.org/stable/c/d6508ffff32b44b6d0de06704034e4eef1c307a7
Mailing List, Patch
https://git.kernel.org/stable/c/6287f1a8c16138c2ec750953e35039634018c84a
Scores
CVSS v3
7.1
EPSS
0.0021
EPSS Percentile
11.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-125
Status
published
Products (15)
linux/Kernel
6.13.0 - 6.13.4linux
linux/Kernel
6.4.0 - 6.6.79linux
linux/Kernel
6.7.0 - 6.12.16linux
Linux/Linux
< 6.4
Linux/Linux
6.12.16 - 6.12.*
Linux/Linux
6.13.4 - 6.13.*
Linux/Linux
6.14
Linux/Linux
6.4
Linux/Linux
6.6.79 - 6.6.*
Linux/Linux
69e3a6aa6be21de6aaf38130fad97ecde34a193c - 6287f1a8c16138c2ec750953e35039634018c84a
... and 5 more
Published
Feb 27, 2025
Tracked Since
Feb 18, 2026