CVE-2025-21845

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the version containing the fix for the SST write failure issue

Description: A bug in the Linux kernel causes only one byte of data to be written, regardless of the number of bytes passed to sst nor write data(), leading to a kernel crash during the write operation. The issue was introduced by a commit that factored out a common write operation to sst nor write data(). The correct number of bytes must be written as passed to sst nor write data() to resolve the issue.

Recommendations: For Linux kernel versions prior to the version containing the fix for the SST write failure issue, ensure the correct number of bytes are written as passed to sst nor write data(). As a temporary workaround, consider disabling the sst nor write data() function until a patch is available. Restrict access to the vulnerable sst module to minimize the risk of exploitation. Avoid using the affected mtd write oob std() and mtd write oob() functions in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.