{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-21724","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-12-29T08:45:45.754Z","datePublished":"2025-02-27T02:07:31.630Z","dateUpdated":"2025-11-03T19:36:23.243Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:19:48.785Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()\n\nResolve a UBSAN shift-out-of-bounds issue in iova_bitmap_offset_to_index()\nwhere shifting the constant \"1\" (of type int) by bitmap->mapped.pgshift\n(an unsigned long value) could result in undefined behavior.\n\nThe constant \"1\" defaults to a 32-bit \"int\", and when \"pgshift\" exceeds\n31 (e.g., pgshift = 63) the shift operation overflows, as the result\ncannot be represented in a 32-bit type.\n\nTo resolve this, the constant is updated to \"1UL\", promoting it to an\nunsigned long type to match the operand's type."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/iommu/iommufd/iova_bitmap.c"],"versions":[{"version":"58ccf0190d19d9a8a41f8a02b9e06742b58df4a1","lessThan":"44d9c94b7a3f29a3e07c4753603a35e9b28842a3","status":"affected","versionType":"git"},{"version":"58ccf0190d19d9a8a41f8a02b9e06742b58df4a1","lessThan":"38ac76fc06bc6826a3e4b12a98efbe98432380a9","status":"affected","versionType":"git"},{"version":"58ccf0190d19d9a8a41f8a02b9e06742b58df4a1","lessThan":"d5d33f01b86af44b23eea61ee309e4ef22c0cdfe","status":"affected","versionType":"git"},{"version":"58ccf0190d19d9a8a41f8a02b9e06742b58df4a1","lessThan":"b1f8453b8ff1ab79a03820ef608256c499769cb6","status":"affected","versionType":"git"},{"version":"58ccf0190d19d9a8a41f8a02b9e06742b58df4a1","lessThan":"e24c1551059268b37f6f40639883eafb281b8b9c","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/iommu/iommufd/iova_bitmap.c"],"versions":[{"version":"6.1","status":"affected"},{"version":"0","lessThan":"6.1","status":"unaffected","versionType":"semver"},{"version":"6.1.129","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.76","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.13","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.13.2","lessThanOrEqual":"6.13.*","status":"unaffected","versionType":"semver"},{"version":"6.14","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.1.129"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.6.76"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.12.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.13.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.14"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/44d9c94b7a3f29a3e07c4753603a35e9b28842a3"},{"url":"https://git.kernel.org/stable/c/38ac76fc06bc6826a3e4b12a98efbe98432380a9"},{"url":"https://git.kernel.org/stable/c/d5d33f01b86af44b23eea61ee309e4ef22c0cdfe"},{"url":"https://git.kernel.org/stable/c/b1f8453b8ff1ab79a03820ef608256c499769cb6"},{"url":"https://git.kernel.org/stable/c/e24c1551059268b37f6f40639883eafb281b8b9c"}],"title":"iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T19:36:23.243Z"}}]}}