CVE-2025-21785

arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array

Description

In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array The loop that detects/populates cache information already has a bounds check on the array size but does not account for cache levels with separate data/instructions cache. Fix this by incrementing the index for any populated leaf (instead of any populated level).

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/4371ac7b494e933fffee2bd6265d18d73c4f05aa
https://git.kernel.org/stable/c/e4fde33107351ec33f1a64188612fbc6ca659284
https://git.kernel.org/stable/c/88a3e6afaf002250220793df99404977d343db14
https://git.kernel.org/stable/c/4ff25f0b18d1d0174c105e4620428bcdc1213860 patch mailing list
https://git.kernel.org/stable/c/ab90894f33c15b14c1cee6959ab6c8dcb09127f8 patch mailing list
https://git.kernel.org/stable/c/715eb1af64779e1b1aa0a7b2ffb81414d9f708e5 patch mailing list
https://git.kernel.org/stable/c/67b99a2b5811df4294c2ad50f9bff3b6a08bd618 patch mailing list
https://git.kernel.org/stable/c/875d742cf5327c93cba1f11e12b08d3cce7a88d2 patch mailing list

Frequently Asked Questions

What is the severity of CVE-2025-21785?
CVE-2025-21785 has been scored as a high severity vulnerability.
How to fix CVE-2025-21785?
To fix CVE-2025-21785, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-21785 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-21785 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-21785?
CVE-2025-21785 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.