#VU107688 Out-of-bounds read in Linux kernel - CVE-2025-22104


| Updated: 2025-05-10

Vulnerability identifier: #VU107688

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22104

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the vnic_add_client_data(), send_login(), handle_query_ip_offload_rsp() and handle_login_rsp() functions in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.14 - 6.14.1

External links
https://git.kernel.org/stable/c/ae6b1d6c1acee3a2000394d83ec9f1028321e207
https://git.kernel.org/stable/c/d93a6caab5d7d9b5ce034d75b1e1e993338e3852
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.2

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Ubuntu update for linux-aws
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.17
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.16
Red Hat Enterprise Linux 9 update for kernel
Red Hat Enterprise Linux 9 update for kernel-rt
Red Hat Enterprise Linux 9 update for kernel
Red Hat Enterprise Linux 9 update for kernel-rt
Red Hat Enterprise Linux 10 update for kernel
Ubuntu update for linux-azure
Ubuntu update for linux