VDB
DEBIAN-CVE-2025-21997
DEBIAN-CVE-2025-21997
PUBLISHED
CVSS 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: xsk: fix an integer overflow in xp_create_and_assign_umem() Since the i and pool->chunk_size variables are of type 'u32', their product can wrap around and then be cast to 'u64'. This can lead to two different XDP buffers pointing to the same memory area. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE.
Risk Scores
CVSS v3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | linux | 6.1.90-1~bpo11+1, 6.1.55-1, 6.1.64-1 |
| Debian:14 | linux | 0, 0 |
| Debian:11 | linux-6.1 | 6.1.129-1, 6.1.119-1, 6.1.128-1 |
| Debian:13 | linux | 0, 0 |
Timeline
- Apr 3, 2025 CVE Published
- Apr 28, 2026 CVE Updated