Cyber Posture

CVE-2025-21782

High

Published: 27 February 2025
Modified: 03 November 2025
CVSS Score: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
EPSS Score: 0.0001 (0.8th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-21782 is a high-severity out-of-bounds read (CWE-125) vulnerability in the Linux kernel. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212). The CVE ranks at the 0.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Credential Access (T1212) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI)

prevent: Directly remediates the slab-out-of-bounds read vulnerability in orangefs_debug_write by applying the specified upstream Linux kernel patches.

prevent: Eliminates the attack surface by restricting or prohibiting non-essential kernel modules like OrangeFS, preventing exploitation of the debug write function.

prevent: Implements kernel memory protections such as boundary checks and randomization to limit the scope and impact of out-of-bounds reads in filesystem debug operations.

MITRE ATT&CK Enterprise Techniques (AI)

T1212 Exploitation for Credential Access (tactic: Credential Access)
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

The slab out-of-bounds read in kernel debug write allows local low-privileged access to sensitive kernel memory (facilitating T1212 Exploitation for Credential Access via potential confidential data leaks) and can trigger kernel crashes or instability (enabling T1499.004 Application or System Exploitation for DoS).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

In the Linux kernel, the following vulnerability has been resolved:

orangefs: fix a oob in orangefs_debug_write

I got a syzbot report: slab-out-of-bounds Read in orangefs_debug_write... several people suggested fixes, I tested Al Viro's suggestion and made this patch.

Deeper analysis (AI)

CVE-2025-21782 is a slab-out-of-bounds read vulnerability in the orangefs_debug_write function within the OrangeFS filesystem implementation of the Linux kernel. Discovered via a syzbot report, the issue allows out-of-bounds memory access during debug write operations. It is classified under CWE-125 (Out-of-bounds Read) with a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H), indicating high severity due to impacts on confidentiality and availability.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables reading sensitive out-of-bounds kernel memory, potentially leaking confidential data, and triggering a denial of service through kernel crashes or instability, without affecting integrity or escalating privileges beyond the local scope.

Mitigation involves applying the upstream kernel patches referenced in the stable repository commits, including 09d472a18c0ee1d5b83612cb919e33a1610fea16, 18b7f841109f697840fe8633cf7ed7d32bd3f91b, 1c5244299241cf49d8ae7b5054e299cc8faa4e09, 1da2697307dad281dd690a19441b5ca4af92d786, and 2b84a231910cef2e0a16d29294afabfb69112087. Security practitioners should update affected Linux kernel versions supporting OrangeFS to incorporate these fixes.

Details

CWE(s)

Affected Products

linux / linux kernel: ≤ 6.1.129 · 6.2 — 6.6.79 · 6.7 — 6.12.16

CVEs Like This One

CVE-2025-21743 (same product: Linux kernel)
CVE-2026-23204 (same product: Linux kernel)
CVE-2026-31568 (same product: Linux kernel)
CVE-2026-43042 (same product: Linux kernel)
CVE-2026-23327 (same product: Linux kernel)
CVE-2024-57945 (same product: Linux kernel)
CVE-2026-31774 (same product: Linux kernel)
CVE-2026-43051 (same product: Linux kernel)
CVE-2026-23325 (same product: Linux kernel)
CVE-2025-21815 (same product: Linux kernel)
