PT-2025-10075 · Linux+1 · Linux Kernel+1
Published
2025-03-07
·
Updated
2025-03-10
·
CVE-2025-21843
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A issue in the Linux kernel has been identified where the
priorities info variable is uninitialized. This uninitialized value is then copied to a user object when the PANTHOR UOBJ SET() function is called, potentially leading to unexpected behavior. The problem arises from a garbage value in the panthor ioctl dev query() function.Recommendations
To resolve this issue, initialize the
priorities info variable using memset to avoid the garbage value problem.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Use of Uninitialized Resource
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel