{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-21691", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-12-29T08:45:45.742Z", "datePublished": "2025-02-10T15:58:47.219Z", "dateUpdated": "2025-05-04T07:19:08.070Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:19:08.070Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachestat: fix page cache statistics permission checking\n\nWhen the 'cachestat()' system call was added in commit cf264e1329fb\n(\"cachestat: implement cachestat syscall\"), it was meant to be a much\nmore convenient (and performant) version of mincore() that didn't need\nmapping things into the user virtual address space in order to work.\n\nBut it ended up missing the \"check for writability or ownership\" fix for\nmincore(), done in commit 134fca9063ad (\"mm/mincore.c: make mincore()\nmore conservative\").\n\nThis just adds equivalent logic to 'cachestat()', modified for the file\ncontext (rather than vma)."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/filemap.c"], "versions": [{"version": "cf264e1329fb0307e044f7675849f9f38b44c11a", "lessThan": "7d6405c13b0d8a8367cd8df63f118b619a3f0dd2", "status": "affected", "versionType": "git"}, {"version": "cf264e1329fb0307e044f7675849f9f38b44c11a", "lessThan": "780ab8329672464984cf1344bd5c3993af0226c7", "status": "affected", "versionType": "git"}, {"version": "cf264e1329fb0307e044f7675849f9f38b44c11a", "lessThan": "97153a05077f618f7471f50a78158602badccb30", "status": "affected", "versionType": "git"}, {"version": "cf264e1329fb0307e044f7675849f9f38b44c11a", "lessThan": "5f537664e705b0bf8b7e329861f20128534f6a83", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["mm/filemap.c"], "versions": [{"version": "6.5", "status": "affected"}, {"version": "0", "lessThan": "6.5", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.75", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.12", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13.1", "lessThanOrEqual": "6.13.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.14", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5", "versionEndExcluding": "6.6.75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5", "versionEndExcluding": "6.12.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5", "versionEndExcluding": "6.13.1"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5", "versionEndExcluding": "6.14"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/7d6405c13b0d8a8367cd8df63f118b619a3f0dd2"}, {"url": "https://git.kernel.org/stable/c/780ab8329672464984cf1344bd5c3993af0226c7"}, {"url": "https://git.kernel.org/stable/c/97153a05077f618f7471f50a78158602badccb30"}, {"url": "https://git.kernel.org/stable/c/5f537664e705b0bf8b7e329861f20128534f6a83"}], "title": "cachestat: fix page cache statistics permission checking", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FADAF68-4B9E-4DCE-9F38-C617F8FFCB85", "versionEndExcluding": "6.6.75", "versionStartIncluding": "6.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B04C243A-753B-49A9-87C7-92FCC1425FB7", "versionEndExcluding": "6.12.12", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:*:*:*:*:*:*:*", "matchCriteriaId": "BE23BDD3-4F59-44BE-B56F-A938294F2DF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachestat: fix page cache statistics permission checking\n\nWhen the 'cachestat()' system call was added in commit cf264e1329fb\n(\"cachestat: implement cachestat syscall\"), it was meant to be a much\nmore convenient (and performant) version of mincore() that didn't need\nmapping things into the user virtual address space in order to work.\n\nBut it ended up missing the \"check for writability or ownership\" fix for\nmincore(), done in commit 134fca9063ad (\"mm/mincore.c: make mincore()\nmore conservative\").\n\nThis just adds equivalent logic to 'cachestat()', modified for the file\ncontext (rather than vma)."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cachestat: corregir la comprobaci\u00f3n de permisos de las estad\u00edsticas de cach\u00e9 de p\u00e1gina Cuando se a\u00f1adi\u00f3 la llamada al sistema 'cachestat()' en el commit cf264e1329fb (\"cachestat: implementar la llamada al sistema cachestat\"), se supon\u00eda que era una versi\u00f3n mucho m\u00e1s conveniente (y de mayor rendimiento) de mincore() que no necesitaba asignar cosas al espacio de direcciones virtuales del usuario para funcionar. Pero termin\u00f3 faltando la correcci\u00f3n de \"comprobar la capacidad de escritura o la propiedad\" para mincore(), realizada en el commit 134fca9063ad (\"mm/mincore.c: hacer que mincore() sea m\u00e1s conservador\"). Esto solo a\u00f1ade una l\u00f3gica equivalente a 'cachestat()', modificada para el contexto del archivo (en lugar de vma)."}], "id": "CVE-2025-21691", "lastModified": "2025-10-15T16:25:09.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-10T16:15:38.660", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5f537664e705b0bf8b7e329861f20128534f6a83"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/780ab8329672464984cf1344bd5c3993af0226c7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7d6405c13b0d8a8367cd8df63f118b619a3f0dd2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/97153a05077f618f7471f50a78158602badccb30"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: cachestat: fix page cache statistics permission checking", "id": "2344687", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344687"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "status": "draft"}, "cwe": "CWE-863", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ncachestat: fix page cache statistics permission checking\nWhen the 'cachestat()' system call was added in commit cf264e1329fb\n(\"cachestat: implement cachestat syscall\"), it was meant to be a much\nmore convenient (and performant) version of mincore() that didn't need\nmapping things into the user virtual address space in order to work.\nBut it ended up missing the \"check for writability or ownership\" fix for\nmincore(), done in commit 134fca9063ad (\"mm/mincore.c: make mincore()\nmore conservative\").\nThis just adds equivalent logic to 'cachestat()', modified for the file\ncontext (rather than vma)."], "name": "CVE-2025-21691", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-21691\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-21691\nhttps://lore.kernel.org/linux-cve-announce/2025021055-CVE-2025-21691-2bd2@gregkh/T"], "threat_severity": "Moderate"}

{}