PT-2025-4361 · Linux+6 · Linux Kernel+6
Published
2025-01-09
·
Updated
2025-11-11
·
CVE-2025-21680
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.10.0-rc1 #121
Description
The issue is related to the
get imix entries() function in the net/core/pktgen.c module of the Linux kernel, which is vulnerable to out-of-bounds access due to incorrect boundary checking. Passing a sufficient amount of imix entries leads to invalid access to the pkt dev->imix entries array. The vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information.Recommendations
To resolve the issue, update the Linux kernel to a version that includes the fix for the out-of-bounds access in
get imix entries(). As a temporary workaround, consider restricting access to the pktgen module to minimize the risk of exploitation.Exploit
Fix
Improper Validation of Array Index
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu