CVE-2025-21873 Information

Mar 28, 2025 cve

Description

In the Linux kernel the following vulnerability has been resolved:

scsi: ufs: core: bsg: Fix crash when arpmb command fails

If the device doesn’t support arpmb we’ll crash due to copying user data in bsg_transport_sg_io_fn().

In the case where ufs_bsg_exec_advanced_rpmb_req() returns an error do not set the job’s reply_len.

Memory crash backtrace: 31290531166405-;ufshcd 0000:00:12.5: ARPMB OP failed: error code -22

41308531166555-;Call Trace:

41309531166559-;

41310531166565-; ? show_regs+0x6d/0x80

41311531166575-; ? die+0x37/0xa0

41312531166583-; ? do_trap+0xd4/0xf0

41313531166593-; ? do_error_trap+0x71/0xb0

41314531166601-; ? usercopy_abort+0x6c/0x80

41315531166610-; ? exc_invalid_op+0x52/0x80

41316531166622-; ? usercopy_abort+0x6c/0x80

41317531166630-; ? asm_exc_invalid_op+0x1b/0x20

41318531166643-; ? usercopy_abort+0x6c/0x80

41319531166652-; __check_heap_object+0xe3/0x120

41320531166661-; check_heap_object+0x185/0x1d0

41321531166670-; __check_object_size.part.0+0x72/0x150

41322531166679-; __check_object_size+0x23/0x30

41323531166688-; bsg_transport_sg_io_fn+0x314/0x3b0

Reference

https://git.kernel.org/stable/c/32fb5ec825f6f76bc28902181c65429a904a07fe https://git.kernel.org/stable/c/59455f968c1004ed897ba873237657745d81ce0f https://git.kernel.org/stable/c/7e3c96ff5c5f3206984ed077b2aa8c9b7c4e0327 https://git.kernel.org/stable/c/f27a95845b01e86d67c8b014b4f41bd3327daa63

Share on: