CVE-2025-39727
BaseFortify
Publication date: 2025-09-07
Last updated on: 2025-11-25
Assigner: kernel.org
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a potential buffer overflow in the Linux kernel's memory management swap subsystem, specifically in the setup_clusters() function. The issue arises because setup_swap_map() only ensures that badpages are within the range (0, last_page], but since maxpages can be less than last_page, setup_clusters() may overflow its buffer when a badpage is greater than or equal to maxpages. The fix involves only calling inc_cluster_info_page() for badpages less than maxpages to prevent this overflow.
How can this vulnerability impact me?
This vulnerability can lead to a buffer overflow in the Linux kernel's memory management system, which may cause system instability or crashes, or potentially allow an attacker to execute arbitrary code with kernel privileges, compromising system security.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch or update to the fixed version of the Linux kernel that resolves the buffer overflow in setup_clusters() by ensuring inc_cluster_info_page() is only called for badpage values less than maxpages.
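The missing bounds check described in the explanation and mitigation answers above, as a user-space C model added here for illustration; it is not kernel source. PAGES_PER_CLUSTER, passes_header_check(), setup_clusters_model(), the flat counter table indexed by page number divided by cluster size, and the sample values are assumptions, and the model counts out-of-range updates instead of performing them.

```c
#include <stdio.h>
#include <stdlib.h>

#define PAGES_PER_CLUSTER 4u  /* toy value (assumption), not the kernel constant */

/* Constructed sample: the header says last_page = 63, but only maxpages = 16
 * pages are usable, so the cluster table covers 16 pages (4 clusters). */
static const size_t LAST_PAGE = 63, MAXPAGES = 16;
static const size_t BADPAGES[] = { 3, 15, 16, 40, 63 };
#define NR_BADPAGES (sizeof(BADPAGES) / sizeof(BADPAGES[0]))

/* The range check the page attributes to setup_swap_map(): 0 < page <= last_page. */
static int passes_header_check(size_t page, size_t last_page)
{
    return page > 0 && page <= last_page;
}

/* Model of setup_clusters(): counts updates that fall outside the cluster table. */
static size_t setup_clusters_model(size_t maxpages, size_t last_page,
                                   const size_t *badpages, size_t n, int fixed)
{
    size_t nr_clusters = (maxpages + PAGES_PER_CLUSTER - 1) / PAGES_PER_CLUSTER;
    unsigned int *cluster_count = calloc(nr_clusters, sizeof(*cluster_count));
    size_t out_of_bounds = 0;
    if (!cluster_count)
        return (size_t)-1;
    for (size_t i = 0; i < n; i++) {
        if (!passes_header_check(badpages[i], last_page))
            continue;                    /* rejected earlier, never reaches here */
        if (fixed && badpages[i] >= maxpages)
            continue;                    /* the fix: skip badpage >= maxpages */
        size_t idx = badpages[i] / PAGES_PER_CLUSTER; /* inc_cluster_info_page() */
        if (idx >= nr_clusters)
            out_of_bounds++;             /* unfixed kernel: write past the table */
        else
            cluster_count[idx]++;
    }
    free(cluster_count);
    return out_of_bounds;
}

int main(void)
{
    printf("without maxpages check: %zu out-of-bounds updates\n",
           setup_clusters_model(MAXPAGES, LAST_PAGE, BADPAGES, NR_BADPAGES, 0));
    printf("with maxpages check:    %zu out-of-bounds updates\n",
           setup_clusters_model(MAXPAGES, LAST_PAGE, BADPAGES, NR_BADPAGES, 1));
    return 0;
}
```

Every sample badpage passes the (0, last_page] check, yet three of the five index past a table sized from maxpages until the second comparison is added.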