CVE-2025-22107 Information

Apr 17, 2025 cve

Description

In the Linux kernel the following vulnerability has been resolved:

net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()

There are actually 2 problems:

deleting the last element doesn’t require the memmove of elements [i + 1 end) over it. Actually element i+1 is out of bounds.
The memmove itself should move size - i - 1 elements because the last element is out of bounds.

The out-of-bounds element still remains out of bounds after being accessed so the problem is only that we touch it not that it becomes in active use. But I suppose it can lead to issues if the out-of-bounds element is part of an unmapped page.

Reference

https://git.kernel.org/stable/c/59b97641de03c081f26b3a8876628c765b5faa25 https://git.kernel.org/stable/c/5f2b28b79d2d1946ee36ad8b3dc0066f73c90481

Share on: