CVE-2025-21932: Linux vulnerability

5 documents, 5 sources
Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 84.95%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 1

Description

In the Linux kernel, the following vulnerability has been resolved:

mm: abort vma_modify() on merge out of memory failure

The remainder of vma_modify() relies upon the vmg state remaining pristine after a merge attempt. Usually this is the case, however in the one edge case scenario of a merge attempt failing not due to the specified range being unmergeable, but rather due to an out of memory error arising when attempting to commit the merge, this assumption becomes untrue. This results in v

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

NVD | linux/linux_kernel | 6.12 | 6.12.19 | +2
Debian | linux/linux_kernel | < 6.12.19-1 | +1
CVEListV5 | linux/linux | 2f1c6611b0a89afcb8641471af5f223c9caa01e0 | 79636d2981b066acd945117387a9533f56411f6f | +3
debian | debian/linux | < linux 6.12.19-1 (forky)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-fcgh-gjcg-cmc2: In the Linux kernel, the following vulnerability has been resolved: mm: abort vma_modify() on merge out of memory failure The remainder of vma_modif (2025-04-01)
OSV: CVE-2025-21932: In the Linux kernel, the following vulnerability has been resolved: mm: abort vma_modify() on merge out of memory failure The remainder of vma_modify( (2025-04-01)

📋 Vendor Advisories (2)

Red Hat: kernel: mm: abort vma_modify() on merge out of memory failure (2025-04-01)
Debian: CVE-2025-21932: linux - In the Linux kernel, the following vulnerability has been resolved: mm: abort v... (2025)