admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-12-16 10:44:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2025/CVE-2025-216xx/CVE-2025-21653.json
cad-safe-bot 16456e136d Auto-Update: 2025-02-02T13:00:20.525064+00:00
2025-02-02 13:03:45 +00:00

49 lines
5.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2025-21653",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-01-19T11:15:10.940",
"lastModified": "2025-02-02T11:15:15.557",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute\n\nsyzbot found that TCA_FLOW_RSHIFT attribute was not validated.\nRight shitfing a 32bit integer is undefined for large shift values.\n\nUBSAN: shift-out-of-bounds in net/sched/cls_flow.c:329:23\nshift exponent 9445 is too large for 32-bit type 'u32' (aka 'unsigned int')\nCPU: 1 UID: 0 PID: 54 Comm: kworker/u8:3 Not tainted 6.13.0-rc3-syzkaller-00180-g4f619d518db9 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: ipv6_addrconf addrconf_dad_work\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468\n flow_classify+0x24d5/0x25b0 net/sched/cls_flow.c:329\n tc_classify include/net/tc_wrapper.h:197 [inline]\n __tcf_classify net/sched/cls_api.c:1771 [inline]\n tcf_classify+0x420/0x1160 net/sched/cls_api.c:1867\n sfb_classify net/sched/sch_sfb.c:260 [inline]\n sfb_enqueue+0x3ad/0x18b0 net/sched/sch_sfb.c:318\n dev_qdisc_enqueue+0x4b/0x290 net/core/dev.c:3793\n __dev_xmit_skb net/core/dev.c:3889 [inline]\n __dev_queue_xmit+0xf0e/0x3f50 net/core/dev.c:4400\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n neigh_hh_output include/net/neighbour.h:523 [inline]\n neigh_output include/net/neighbour.h:537 [inline]\n ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236\n iptunnel_xmit+0x55d/0x9b0 net/ipv4/ip_tunnel_core.c:82\n udp_tunnel_xmit_skb+0x262/0x3b0 net/ipv4/udp_tunnel_core.c:173\n geneve_xmit_skb drivers/net/geneve.c:916 [inline]\n geneve_xmit+0x21dc/0x2d00 drivers/net/geneve.c:1039\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x27a/0x7d0 net/core/dev.c:3606\n __dev_queue_xmit+0x1b73/0x3f50 net/core/dev.c:4434"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net_sched: cls_flow: validar el atributo TCA_FLOW_RSHIFT syzbot encontr\u00f3 que el atributo TCA_FLOW_RSHIFT no estaba validado. El uso de un entero de 32 bits con valores de desplazamiento grandes no est\u00e1 definido. UBSAN: cambio fuera de los l\u00edmites en net/sched/cls_flow.c:329:23 El exponente de cambio 9445 es demasiado grande para el tipo de 32 bits 'u32' (tambi\u00e9n conocido como 'unsigned int') CPU: 1 UID: 0 PID: 54 Comm: kworker/u8:3 No contaminado 6.13.0-rc3-syzkaller-00180-g4f619d518db9 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 13/09/2024 Cola de trabajo: ipv6_addrconf addrconf_dad_work Seguimiento de llamadas: __dump_stack lib/dump_stack.c:94 [en l\u00ednea] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [en l\u00ednea] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468 flow_classify+0x24d5/0x25b0 net/sched/cls_flow.c:329 tc_classify include/net/tc_wrapper.h:197 [en l\u00ednea] __tcf_classify net/sched/cls_api.c:1771 [en l\u00ednea] tcf_classify+0x420/0x1160 net/sched/cls_api.c:1867 sfb_classify net/sched/sch_sfb.c:260 [en l\u00ednea] sfb_enqueue+0x3ad/0x18b0 net/sched/sch_sfb.c:318 dev_qdisc_enqueue+0x4b/0x290 net/core/dev.c:3793 __dev_xmit_skb net/core/dev.c:3889 [en l\u00ednea] __dev_queue_xmit+0xf0e/0x3f50 net/core/dev.c:4400 dev_queue_xmit include/linux/netdevice.h:3168 [en l\u00ednea] neigh_hh_output include/net/neighbour.h:523 [en l\u00ednea] neigh_output include/net/neighbour.h:537 [en l\u00ednea] ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236 iptunnel_xmit+0x55d/0x9b0 net/ipv4/ip_tunnel_core.c:82 udp_tunnel_xmit_skb+0x262/0x3b0 net/ipv4/udp_tunnel_core.c:173 geneve_xmit_skb drivers/net/geneve.c:916 [en l\u00ednea] geneve_xmit+0x21dc/0x2d00 drivers/net/geneve.c:1039 __netdev_start_xmit include/linux/netdevice.h:5002 [en l\u00ednea] netdev_start_xmit include/linux/netdevice.h:5011 [en l\u00ednea] xmit_one net/core/dev.c:3590 [en l\u00ednea] dev_hard_start_xmit+0x27a/0x7d0 net/core/dev.c:3606 __dev_queue_xmit+0x1b73/0x3f50 red/n\u00facleo/dev.c:4434"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2011749ca96460386844dfc7e0fde53ebee96f3c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/43658e4a5f2770ad94e93362885ff51c10cf3179",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6fde663f7321418996645ee602a473457640542f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9858f4afeb2e59506e714176bd3e135539a3eeec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a039e54397c6a75b713b9ce7894a62e06956aa92",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a313d6e6d5f3a631cae5a241c392c28868aa5c5e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e54beb9aed2a90dddf4c5d68fcfc9a01f3e40a61",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
Reference in New Issue View Git Blame Copy Permalink