CVE-2025-21993: Out-of-bounds Read in Linux

CWE-125: Out-of-bounds Read
61 documents, 7 sources

Severity: 7.1 HIGH (NVD)
OSV: 8.8, 7.8, 5.9, 5.5
EPSS: 0.1% (top 81.49%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Apr 2
Latest update: Jul 16

Description

In the Linux kernel, the following vulnerability has been resolved:

iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()

When performing an iSCSI boot using IPv6, iscsistart still reads the /sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix length is 64, this causes the shift exponent to become negative, triggering a UBSAN warning. As the concept of a subnet mask does not apply to IPv6, the value is set to ~0 to suppress the warning message.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages: 10 packages

Patches

Vulnerability Details (30)

OSV: linux-iot vulnerabilities (2025-07-16)
OSV: linux-raspi, linux-raspi-5.4 vulnerabilities (2025-07-16)
OSV: linux-bluefield vulnerabilities (2025-07-03)
OSV: linux-hwe-5.4 vulnerabilities (2025-06-30)
OSV: linux-azure-5.4 vulnerabilities (2025-06-25)

Vendor Advisories (30)

Ubuntu: Linux kernel (Raspberry Pi) vulnerabilities (2025-07-16)
Ubuntu: Linux kernel (IoT) vulnerabilities (2025-07-16)
Ubuntu: Linux kernel (BlueField) vulnerabilities (2025-07-03)
Ubuntu: Linux kernel (HWE) vulnerabilities (2025-06-30)
Ubuntu: Linux kernel (Azure) vulnerabilities (2025-06-25)