CVE-2025-21815

mm/compaction: fix UBSAN shift-out-of-bounds warning

Description

In the Linux kernel, the following vulnerability has been resolved: mm/compaction: fix UBSAN shift-out-of-bounds warning syzkaller reported a UBSAN shift-out-of-bounds warning of (1UL << order) in isolate_freepages_block(). The bogus compound_order can be any value because it is union with flags. Add back the MAX_PAGE_ORDER check to fix the warning.

N/A
CVSS
Severity:
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/4491159774d973a9e2e998d25d8fbb20fada6dfa
https://git.kernel.org/stable/c/10b7d3eb535098ccd4c82a182a33655d8a0e5c88
https://git.kernel.org/stable/c/d1366e74342e75555af2648a2964deb2d5c92200

Frequently Asked Questions

What is the severity of CVE-2025-21815?
CVE-2025-21815 has not yet been assigned a CVSS score.
How to fix CVE-2025-21815?
To fix CVE-2025-21815, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-21815 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-21815 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-21815?
CVE-2025-21815 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.