CVE-2025-21680— pktgen: Avoid out-of-bounds access in get_imix_entries
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-21680
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
pktgen: Avoid out-of-bounds access in get_imix_entries
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: pktgen: Avoid out-of-bounds access in get_imix_entries Passing a sufficient amount of imix entries leads to invalid access to the pkt_dev->imix_entries array because of the incorrect boundary check. UBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24 index 20 is out of range for type 'imix_pkt [20]' CPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Call Trace: <TASK> dump_stack_lvl lib/dump_stack.c:117 __ubsan_handle_out_of_bounds lib/ubsan.c:429 get_imix_entries net/core/pktgen.c:874 pktgen_if_write net/core/pktgen.c:1063 pde_write fs/proc/inode.c:334 proc_reg_write fs/proc/inode.c:346 vfs_write fs/read_write.c:593 ksys_write fs/read_write.c:644 do_syscall_64 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130 Found by Linux Verification Center (linuxtesting.org) with SVACE. [ fp: allow to fill the array completely; minor changelog cleanup ]
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在输入验证错误漏洞,该漏洞源于pktgen的get_imix_entries函数中对imix_entries数组的边界检查错误,导致在传递大量条目时访问数组越界,可能引发系统崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-21680
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-21680
请登录查看更多情报信息。
Same Patch Batch · Linux · 2025-01-31 · 20 CVEs total
| CVE-2025-21673 | smb: client: fix double free of TCP_Server_Info::hostname | |
| CVE-2024-57948 | mac802154: check local interfaces before deleting sdata list | |
| CVE-2025-21665 | filemap: avoid truncating 64-bit offset to 32 bits | |
| CVE-2025-21666 | vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] | |
| CVE-2025-21667 | iomap: avoid avoid truncating 64-bit offset to 32 bits | |
| CVE-2025-21668 | pmdomain: imx8mp-blk-ctrl: add missing loop break condition | |
| CVE-2025-21669 | vsock/virtio: discard packets if the transport changes | |
| CVE-2025-21670 | vsock/bpf: return early if transport is not assigned | |
| CVE-2025-21671 | zram: fix potential UAF of zram table | |
| CVE-2025-21672 | afs: Fix merge preference rule failure condition | |
| CVE-2025-21683 | bpf: Fix bpf_sk_select_reuseport() memory leak | |
| CVE-2025-21674 | net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel | |
| CVE-2025-21675 | net/mlx5: Clear port select structure when fail to create | |
| CVE-2025-21676 | net: fec: handle page_pool_dev_alloc_pages error | |
| CVE-2025-21677 | pfcp: Destroy device along with udp socket's netns dismantle. | |
| CVE-2025-21679 | btrfs: add the missing error handling inside get_canonical_dev_path | |
| CVE-2025-21678 | gtp: Destroy device along with udp socket's netns dismantle. | |
| CVE-2025-21681 | openvswitch: fix lockup on tx to unregistering netdev with carrier | |
| CVE-2025-21682 | eth: bnxt: always recalculate features after XDP clearing, fix null-deref |
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length - CVE-2026-43489
liveupdate: luo_file: remember retrieve() status - CVE-2026-43487
ata: libata-core: Disable LPM on ST1000DM010-2EP102 - CVE-2026-43488
usb: xhci: Prevent interrupt storm on host controller error
Same vendor: Linux
- CVE-2026-46333
ptrace: slightly saner 'get_dumpable()' logic - CVE-2026-43490
ksmbd: validate inherited ACE SID length - CVE-2026-43489
liveupdate: luo_file: remember retrieve() status - CVE-2026-43487
ata: libata-core: Disable LPM on ST1000DM010-2EP102 - CVE-2026-43488
usb: xhci: Prevent interrupt storm on host controller error
V. Comments for CVE-2025-21680
No comments yet