CVE-2025-2073

Published: Apr 16, 2025Modified: Jul 11, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure

Affected (1)

Products: Google: Chrome Os

Google

1 product

Chrome Os

Configuration A

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Google Chrome Os	Version 16093.103.0

Running on/with	Platform Versions
Linux Linux Kernel	Version 4.19
Linux Linux Kernel	Version 5.10
Linux Linux Kernel	Version 5.15
Linux Linux Kernel	Version 6.1

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (2)

https://issues.chromium.org/issues/b/380043638

Source: 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f

Broken Link

https://issuetracker.google.com/issues/380043638

Source: 7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f

ExploitIssue TrackingMailing List

Timeline

No history available yet.