CVE-2025-21772

partitions: mac: fix handling of bogus partition table

Description

In the Linux kernel, the following vulnerability has been resolved: partitions: mac: fix handling of bogus partition table Fix several issues in partition probing: - The bailout for a bad partoffset must use put_dev_sector(), since the preceding read_part_sector() succeeded. - If the partition table claims a silly sector size like 0xfff bytes (which results in partition table entries straddling sector boundaries), bail out instead of accessing out-of-bounds memory. - We must not assume that the partition table contains proper NUL termination - use strnlen() and strncmp() instead of strlen() and strcmp().

N/A
CVSS
Severity:
EPSS 0.07%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/a3e77da9f843e4ab93917d30c314f0283e28c124
https://git.kernel.org/stable/c/213ba5bd81b7e97ac6e6190b8f3bc6ba76123625
https://git.kernel.org/stable/c/40a35d14f3c0dc72b689061ec72fc9b193f37d1f
https://git.kernel.org/stable/c/27a39d006f85e869be68c1d5d2ce05e5d6445bf5
https://git.kernel.org/stable/c/92527100be38ede924768f4277450dfe8a40e16b
https://git.kernel.org/stable/c/6578717ebca91678131d2b1f4ba4258e60536e9f
https://git.kernel.org/stable/c/7fa9706722882f634090bfc9af642bf9ed719e27
https://git.kernel.org/stable/c/80e648042e512d5a767da251d44132553fe04ae0

Frequently Asked Questions

What is the severity of CVE-2025-21772?
CVE-2025-21772 has not yet been assigned a CVSS score.
How to fix CVE-2025-21772?
To fix CVE-2025-21772, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-21772 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-21772 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-21772?
CVE-2025-21772 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.