Description

In the Linux kernel, the following vulnerability has been resolved: drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl In the "pmcmd_ioctl" function, three memory objects allocated by kmalloc are initialized by "hcall_get_cpu_state", which are then copied to user space. The initializer is indeed implemented in "acrn_hypercall2" (arch/x86/include/asm/acrn.h). There is a risk of information leakage due to uninitialized bytes.

INFO

Published Date :

2025-04-01T15:41:10.949Z

Last Modified :

2025-11-03T19:39:51.532Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-21950 vulnerability.

Vendors Products
Debian
  • Debian Linux
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-21950.

URL Resource
https://git.kernel.org/stable/c/1b8f7a2caa7f9cdfd135e3f78eb9d7e36fb95083 cve-icon cve-icon
https://git.kernel.org/stable/c/4e15cf870d2c748e45d45ffc4d5b1dc1b7d50120 cve-icon cve-icon
https://git.kernel.org/stable/c/524f29d78c9bdeb49f31f5b0376a07d2fc5cf563 cve-icon cve-icon
https://git.kernel.org/stable/c/819cec1dc47cdeac8f5dd6ba81c1dbee2a68c3bb cve-icon cve-icon
https://git.kernel.org/stable/c/a4c21b878f0e237f45209a324c903ea7fb05247d cve-icon cve-icon
https://git.kernel.org/stable/c/d7e5031fe3f161c8eb5e84db1540bc4373ed861b cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html cve-icon
https://lore.kernel.org/linux-cve-announce/2025040136-CVE-2025-21950-11d2@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-21950 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-21950 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact