CVE-2025-21785 in Linuxinfo

Summary

by MITRE • 02/27/2025

In the Linux kernel, the following vulnerability has been resolved:

arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array

The loop that detects/populates cache information already has a bounds check on the array size but does not account for cache levels with separate data/instructions cache. Fix this by incrementing the index for any populated leaf (instead of any populated level).

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 05/25/2026

This vulnerability exists in the linux kernel's arm64 architecture implementation where the cacheinfo array handling contains a logical flaw that could lead to out-of-bounds memory writes. The issue specifically affects how the kernel enumerates and populates cache information for processors with separate data and instruction caches. The existing bounds checking mechanism operates on array size limits but fails to properly account for the architectural complexity where each cache level may contain separate data and instruction cache components, creating a mismatch between the expected array indexing and actual cache hierarchy enumeration.

The technical flaw stems from an incorrect indexing approach during cache detection and population. When the kernel processes cache information for arm64 processors, it iterates through cache levels and attempts to populate a cacheinfo array. The original implementation increments the array index only when a cache level is populated, rather than when individual cache leaves (data and instruction caches) are actually populated. This discrepancy becomes problematic when dealing with processors that implement separate data and instruction caches at each level, as the array indexing does not properly accommodate the additional cache entries required for such architectures. This issue falls under the CWE-129 weakness category, specifically related to insufficient bounds checking on external inputs.

The operational impact of this vulnerability could be significant for systems running linux kernels on arm64 processors, particularly in server and embedded environments where proper cache management is crucial for performance and stability. An attacker could potentially exploit this out-of-bounds write condition to corrupt kernel memory structures, potentially leading to privilege escalation or system instability. The vulnerability is particularly concerning because it affects the kernel's cache detection mechanism which is fundamental to system performance optimization and hardware abstraction layer functionality. This type of memory corruption vulnerability aligns with ATT&CK technique T1068 which involves local privilege escalation through kernel exploits, and T1547 which covers kernel module loading and privilege escalation techniques.

The fix implemented addresses this by modifying the indexing logic to increment the array index based on populated cache leaves rather than populated cache levels. This ensures that when separate data and instruction caches exist at each level, the array receives proper indexing for each individual cache component rather than assuming a single cache entry per level. The resolution maintains the existing bounds checking while correcting the fundamental logical error in cache enumeration. This approach aligns with secure coding practices that emphasize proper array indexing and bounds validation, particularly when dealing with complex hardware architectures that may have varying cache configurations. The mitigation strategy requires updating to a patched kernel version that implements this corrected indexing mechanism, ensuring that all arm64 systems properly handle the enumeration of cache hierarchies regardless of whether they utilize unified or separate data/instruction cache architectures.

Responsible

Linux

Reservation

12/29/2024

Disclosure

02/27/2025

Moderation

accepted

CPE

ready

EPSS

0.00257

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!