CVE-2025-21997

Name	CVE-2025-21997
Description	In the Linux kernel, the following vulnerability has been resolved: xsk: fix an integer overflow in xp_create_and_assign_umem() Since the i and pool->chunk_size variables are of type 'u32', their product can wrap around and then be cast to 'u64'. This can lead to two different XDP buffers pointing to the same memory area. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-5900-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
linux (PTS)	bullseye	5.10.223-1	fixed
	bullseye (security)	5.10.234-1	fixed
	bookworm	6.1.129-1	vulnerable
	bookworm (security)	6.1.135-1	fixed
	trixie	6.12.22-1	fixed
	sid	6.12.25-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
linux	source	bullseye	(not affected)
linux	source	bookworm	6.1.133-1	DSA-5900-1
linux	source	(unstable)	6.12.21-1

[bullseye] - linux <not-affected> (Vulnerable code not present)
https://git.kernel.org/linus/559847f56769037e5b2e0474d3dbff985b98083d (6.14)