CVE-2025-21873
Vulnerability Summary
Timeline
Description
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: bsg: Fix crash when arpmb command fails If the device doesn't support arpmb we'll crash due to copying user data in bsg_transport_sg_io_fn(). In the case where ufs_bsg_exec_advanced_rpmb_req() returns an error, do not set the job's reply_len. Memory crash backtrace: 3,1290,531166405,-;ufshcd 0000:00:12.5: ARPMB OP failed: error code -22 4,1308,531166555,-;Call Trace: 4,1309,531166559,-; <TASK> 4,1310,531166565,-; ? show_regs+0x6d/0x80 4,1311,531166575,-; ? die+0x37/0xa0 4,1312,531166583,-; ? do_trap+0xd4/0xf0 4,1313,531166593,-; ? do_error_trap+0x71/0xb0 4,1314,531166601,-; ? usercopy_abort+0x6c/0x80 4,1315,531166610,-; ? exc_invalid_op+0x52/0x80 4,1316,531166622,-; ? usercopy_abort+0x6c/0x80 4,1317,531166630,-; ? asm_exc_invalid_op+0x1b/0x20 4,1318,531166643,-; ? usercopy_abort+0x6c/0x80 4,1319,531166652,-; __check_heap_object+0xe3/0x120 4,1320,531166661,-; check_heap_object+0x185/0x1d0 4,1321,531166670,-; __check_object_size.part.0+0x72/0x150 4,1322,531166679,-; __check_object_size+0x23/0x30 4,1323,531166688,-; bsg_transport_sg_io_fn+0x314/0x3b0
CVSS Metrics
- v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 0.01%• Percentile: 3%
Affected Systems
- linux•linux
≥ 6ff265fc5ef660499e0edc4641647e99eed3f519, < 32fb5ec825f6f76bc28902181c65429a904a07fe | ≥ 6ff265fc5ef660499e0edc4641647e99eed3f519, < 59455f968c1004ed897ba873237657745d81ce0f | ≥ 6ff265fc5ef660499e0edc4641647e99eed3f519, < 7e3c96ff5c5f3206984ed077b2aa8c9b7c4e0327 | ≥ 6ff265fc5ef660499e0edc4641647e99eed3f519, < f27a95845b01e86d67c8b014b4f41bd3327daa63 | 6.3
- linux•linux_kernel
≥ 6.3, < 6.6.81 | ≥ 6.7, < 6.12.18 | ≥ 6.13, < 6.13.6 | 6.14:rc1 | 6.14:rc2 | 6.14:rc3 | 6.14:rc4