PT-2025-8995 · Linux+6 · Linux Kernel+6

King Dix

·

Published

2025-01-13

·

Updated

2026-04-20

·

CVE-2025-21804

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A vulnerability in the Linux kernel has been identified, specifically in the rcar-ep PCI module. The rcar pcie parse outbound ranges() function uses the devm request mem region() macro to request a needed resource, but a string variable on the stack is used to store a dynamically computed resource name, leading to undefined behavior. This can cause varying manifestations of errors, including garbage output or system crashes in rare cases. The issue is resolved by replacing the variable with the name of the previously requested resource.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Stack Overflow

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-476

Related Identifiers

BDU:2025-11853
CVE-2025-21804
DLA-4102-1
DLA-4178-1
OESA-2025-1339
OESA-2025-1340
OESA-2025-1409
OESA-2025-1410
OPENSUSE-SU-2025_1177-1
OPENSUSE-SU-2025_1178-1
OPENSUSE-SU-2025_1180-1
SUSE-SU-2025:01919-1
SUSE-SU-2025:1177-1
SUSE-SU-2025:1178-1
SUSE-SU-2025:1180-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_1177-1
SUSE-SU-2025_1178-1
SUSE-SU-2025_1180-1
USN-7510-1
USN-7510-2
USN-7510-3
USN-7510-4
USN-7510-5
USN-7510-6
USN-7510-7
USN-7510-8
USN-7511-1
USN-7511-2
USN-7511-3
USN-7512-1
USN-7521-1
USN-7521-2
USN-7521-3
USN-7593-1
USN-7602-1
USN-7651-1
USN-7651-2
USN-7651-3
USN-7651-4
USN-7651-5
USN-7651-6
USN-7652-1
USN-7653-1
USN-7737-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu