CVE-2025-22107

HIGH

Linux Kernel 5.2-6.14.2 - Out-of-bounds Read in sja1105_table_delete_entry

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() There are actually 2 problems: - deleting the last element doesn't require the memmove of elements [i + 1, end) over it. Actually, element i+1 is out of bounds. - The memmove itself should move size - i - 1 elements, because the last element is out of bounds. The out-of-bounds element still remains out of bounds after being accessed, so the problem is only that we touch it, not that it becomes in active use. But I suppose it can lead to issues if the out-of-bounds element is part of an unmapped page.

References (7)

Core 7

Core References

Patch

https://git.kernel.org/stable/c/b52153da1f42e2f4d6259257a7ba027331671a93

Patch

https://git.kernel.org/stable/c/4584486cfcca24b7b586da3377eb3cffd48669ec

Patch

https://git.kernel.org/stable/c/031e00249e9e6bee72ba66701c8f83b45fc4b8a2

Patch

https://git.kernel.org/stable/c/59b97641de03c081f26b3a8876628c765b5faa25

Patch

https://git.kernel.org/stable/c/5f2b28b79d2d1946ee36ad8b3dc0066f73c90481

https://git.kernel.org/stable/c/f85b9bfb08ba2b642d1810c6c4ae1e7b46f1776a

https://git.kernel.org/stable/c/f117d0467215d7f1d445ae16d2c799637e63dc6c

Scores

CVSS v3 7.1

EPSS 0.0017

EPSS Percentile 6.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Details

CWE

CWE-125

Status published

Products (21)

linux/Kernel 5.2.0 - 6.1.160linux

linux/Kernel 6.13.0 - 6.14.2linux

linux/Kernel 6.2.0 - 6.6.120linux

linux/Kernel 6.7.0 - 6.12.59linux

Linux/Linux < 5.2

Linux/Linux 5.10.258 - 5.10.*

Linux/Linux 5.15.209 - 5.15.*

Linux/Linux 5.2

Linux/Linux 6.1.160 - 6.1.*

Linux/Linux 6.12.59 - 6.12.*

... and 11 more

Published Apr 16, 2025

Tracked Since Feb 18, 2026