CVE-2025-21782: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-21782 is a vulnerability discovered in the Linux kernel affecting the OrangeFS filesystem component. The issue was identified on February 26, 2025, and involves an out-of-bounds read vulnerability in the orangefsdebugwrite function. This vulnerability affects multiple versions of the Linux kernel, including versions from 6.13 to 6.13.4, 6.2 to 6.6.79, 6.7 to 6.12.16, and versions prior to 6.1.129 (NVD).

The vulnerability is classified as an out-of-bounds read (CWE-125) in the orangefsdebugwrite function of the Linux kernel's OrangeFS filesystem component. The issue occurs when handling debug write operations with specific string lengths. The CVSS v3.1 base score is 7.1 (HIGH), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H, indicating local access requirements with low attack complexity (NVD).

The vulnerability allows for a slab-out-of-bounds read in the orangefsdebugwrite function, which could potentially lead to information disclosure or system crashes. The high CVSS score indicates significant potential impact on system confidentiality and availability (NVD).

A patch has been developed and committed to the Linux kernel that fixes the vulnerability by correcting the string length handling in the orangefsdebugwrite function. The fix involves modifying the condition for maximum debug string length checking and its corresponding value assignment (Kernel Patch).