Bug 2342796 (CVE-2025-24528)

Summary: CVE-2025-24528 krb5: overflow when calculating ulog block size
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abokovoy, brking, davidn, haoli, hkataria, jajackso, jcammara, jmitchel, jneedle, jrische, kegrant, koliveir, kshier, mabashia, pbraun, shvarugh, simaishi, smcdonal, stcannon, teagle, tfister, thavo, yguenane
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2342810, 2342811    
Bug Blocks:    

Description OSIDB Bzimport 2025-01-29 13:51:41 UTC 
In MIT krb5 release 1.7 and later with incremental propagation
enabled, an authenticated attacker can cause kadmind to write beyond
the end of the mapped region for the iprop log file, likely causing a
process crash.
Comment 2 errata-xmlrpc 2025-02-12 15:55:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:1352 https://access.redhat.com/errata/RHSA-2025:1352
Comment 3 errata-xmlrpc 2025-03-13 10:41:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:2722 https://access.redhat.com/errata/RHSA-2025:2722
Comment 5 errata-xmlrpc 2025-05-13 09:55:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:7067 https://access.redhat.com/errata/RHSA-2025:7067